Professional Documents
Culture Documents
Software Distributor Administration Guide
Software Distributor Administration Guide
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
Intel® Itanium® Logo, Intel, Intel Inside and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United
States and other countries.
Contents 3
1.3.12.3 Using Help... ...................................................................................................34
1.3.12.4 Product Information... ........................................................................................34
1.3.13 XToolkit Options and Changing Display Fonts .............................................................34
1.4 Working from the Command Line........................................................................................34
1.4.1 Software Selections....................................................................................................35
1.4.1.1 Syntax...............................................................................................................35
1.4.1.2 Software Files.....................................................................................................36
1.4.1.3 How Commands and Options Interact with Selections..............................................36
1.4.2 Target Selections.......................................................................................................37
1.4.2.1 Syntax..............................................................................................................37
1.4.2.2 Target Files........................................................................................................37
1.4.3 Using Command Options...........................................................................................37
1.4.3.1 Examples..........................................................................................................38
1.4.4 Session Files.............................................................................................................39
4 Contents
3.1.4.3 Creating Custom Lists .........................................................................................69
3.1.4.4 Listing Patches....................................................................................................70
3.1.4.5 Using Software Codewords and Customer IDs .......................................................70
3.1.4.6 Listing Software by Levels.....................................................................................70
3.1.4.6.1 Specifying Product Level ..............................................................................70
3.1.4.6.2 Specifying Subproduct Level ........................................................................71
3.1.4.6.3 Specifying Fileset Level ...............................................................................71
3.1.4.6.4 Specifying Files Level ..................................................................................71
3.1.4.6.5 Depot Lists ................................................................................................72
3.1.4.6.6 Verbose List ...............................................................................................72
3.2 Modifying the IPD (swmodify).............................................................................................74
3.2.1 IPD Contents.............................................................................................................75
3.2.2 Using swmodify........................................................................................................75
3.2.3 swmodify Tasks and Examples ...................................................................................78
3.2.3.1 Adding Information to the IPD..............................................................................78
3.2.3.2 Changing Existing IPD Information.......................................................................78
3.2.3.3 Defining New Objects........................................................................................78
3.3 Removing Installed Software (swremove)..............................................................................78
3.3.1 swremove Features and Limitations...............................................................................78
3.3.2 Using the swremove GUI............................................................................................79
3.3.3 Removing with the Command Line...............................................................................82
3.3.4 Remove Tasks and Examples.......................................................................................83
3.3.4.1 Removing Bundles..............................................................................................84
3.3.4.2 Removing Patches .............................................................................................84
3.3.4.3 Removing Multiple Versions ................................................................................84
3.3.4.4 Removing Software from an Alternate Root ...........................................................84
Contents 5
4.5.5 Managing Multiple Versions of HP-UX........................................................................100
4.5.6 Listing Registered Depots..........................................................................................100
4.5.7 Listing the Contents of a Depot (swlist -d) ...................................................................100
4.5.8 Source Depot Auditing.............................................................................................101
4.5.9 Verifying a Depot (swverify -d) .................................................................................102
4.5.10 Removing Software from Depots...............................................................................102
4.5.11 Removing a Depot..................................................................................................102
6 Contents
7.2.1 Target Selection Window..........................................................................................121
7.2.2 Performing Actions...................................................................................................121
7.2.3 Selecting Multiple Targets.........................................................................................122
7.2.4 Selecting Individual Targets.......................................................................................123
7.2.5 Saving a Target Group.............................................................................................123
7.2.6 Adding a Target Group............................................................................................123
7.3 Setting Up Remote Operations..........................................................................................124
7.4 Remote Operations Tutorial...............................................................................................124
7.4.1 Tutorial Set-Up.........................................................................................................124
7.4.2 How to Perform a Single-Target Installation.................................................................125
7.5 Remote Interactive swlist...................................................................................................132
7.6 Remote Operations from the Command Line.......................................................................132
7.6.1 Target Selections......................................................................................................132
7.6.1.1 Syntax.............................................................................................................133
7.6.1.2 Target Files......................................................................................................133
7.6.2 Examples...............................................................................................................133
7.6.2.1 swacl..............................................................................................................133
7.6.2.2 swask.............................................................................................................134
7.6.2.3 swconfig.........................................................................................................134
7.6.2.4 swcopy...........................................................................................................134
7.6.2.5 swinstall..........................................................................................................134
7.6.2.6 swjob.............................................................................................................134
7.6.2.7 swlist..............................................................................................................134
7.6.2.8 swreg.............................................................................................................135
7.6.2.9 swremove........................................................................................................135
7.6.2.10 swverify.........................................................................................................135
Contents 7
9.3.4 Restricting Access to Depots .....................................................................................151
9.3.5 Adding Target Hosts ...............................................................................................152
9.3.6 Temporarily Restricting Access ..................................................................................152
9.3.7 Closing the SD-UX Network .....................................................................................152
9.3.8 Editing an ACL .......................................................................................................153
9.4 How ACLs are Matched to the User ..................................................................................154
9.5 ACL Entries ....................................................................................................................154
9.5.1 ACL Keys ...............................................................................................................155
9.5.2 ACL Permissions .....................................................................................................156
9.5.3 Object Protection ....................................................................................................156
9.5.3.1 Host System ACLs ............................................................................................157
9.5.3.2 Root ACLs ......................................................................................................158
9.5.3.3 Depot ACLs ....................................................................................................158
9.5.3.4 Product ACLs ..................................................................................................159
9.5.4 ACL Templates .......................................................................................................159
9.5.4.1 Default ACL Template Entries .............................................................................160
9.5.4.1.1 Container ACL Template.............................................................................160
9.5.4.1.2 Product ACL Template................................................................................160
9.6 Security on SD-UX Systems ..............................................................................................161
9.7 SD-UX Internal Authentication ..........................................................................................162
9.7.1 SD-UX Credentials ...................................................................................................162
9.7.1.1 Controllers Run with the User’s Credentials and Privileges .......................................163
9.7.1.2 Agents Run with the System’s Identity ..................................................................163
9.7.2 Security Between Hosts: The Shared Secrets File ..........................................................163
9.8 RPC Authorization...........................................................................................................164
9.8.1 How Agents Handle Controller Requests ....................................................................164
9.8.2 Local Superuser Authorization ..................................................................................165
9.8.2.1 Delegation .....................................................................................................165
9.8.3 Depot Registration and Daemon/Agent Security .........................................................165
9.9 Security Use Models .......................................................................................................165
9.9.1 Security in Remote Distributions .................................................................................166
9.9.2 Security in Local Distributions ...................................................................................166
9.9.2.1 Restricting Installation to Specific Target Systems by Specific Users ..........................166
9.9.3 Security for Software Developers ...............................................................................166
9.10 Permission Requirements, by Command ...........................................................................167
9.10.1 Packaging (swpackage) ..........................................................................................167
9.10.2 Listing (swlist) ........................................................................................................167
9.10.3 Job Browsing (sd, swjob) ........................................................................................167
9.10.4 Copying (swcopy) .................................................................................................167
9.10.5 Installing (swinstall) ................................................................................................168
9.10.6 Removal (swremove) ..............................................................................................168
9.10.7 Configuration (swconfig) ........................................................................................168
9.10.8 Verify (swverify) ....................................................................................................168
9.10.9 Registering Depots (swreg) .....................................................................................168
9.10.10 Changing ACLs (swacl)..........................................................................................168
9.10.11 Request Scripts (swask)...........................................................................................169
9.10.12 Modify (swmodify)................................................................................................169
8 Contents
10.3 Adding Control Scripts...................................................................................................172
10.4 Creating a Product Specification File (PSF) .......................................................................173
10.4.1 Product Specification File Examples .........................................................................173
10.4.1.1 Minimal PSF ..................................................................................................173
10.4.1.2 Typical PSF....................................................................................................174
10.4.2 PSF Syntax ..........................................................................................................175
10.4.2.1 PSF Object Syntax .........................................................................................175
10.4.2.1.1 Control Files............................................................................................177
10.4.2.2 Selecting the PSF Layout Version .....................................................................178
10.4.2.3 PSF Value Types ............................................................................................178
10.4.2.4 Product Specification File Semantics.................................................................181
10.4.2.4.1 Vendor-Defined Attributes........................................................................181
10.4.2.4.2 Distribution (Depot) Specification..............................................................181
10.4.2.4.3 Vendor Specification..............................................................................182
10.4.2.4.4 Category Specification...........................................................................182
10.4.2.4.5 Product or Bundle Specification................................................................183
10.4.2.4.6 Control Script Specification......................................................................185
10.4.2.4.7 Subproduct Specification.........................................................................185
10.4.2.4.8 Fileset Specification................................................................................186
10.4.2.4.9 Dependency Specification.......................................................................188
10.4.2.4.10 Control Script Specification....................................................................189
10.4.2.4.11 File Specification...................................................................................189
10.4.2.5 Re-Specifying Files ........................................................................................194
10.5 Packaging the Software (swpackage) ..............................................................................195
10.5.1 Using swpackage..................................................................................................198
10.5.1.1 Output of Logfile Messages ..............................................................................200
10.6 Packaging Tasks and Examples.......................................................................................200
10.6.1 Registering Depots Created by swpackage ...............................................................200
10.6.2 Creating and Mastering a CD-ROM Depot...............................................................201
10.6.3 Compressing Files to Increase Performance ..............................................................201
10.6.4 Packaging Security ...............................................................................................201
10.6.4.1 ACL Creation ................................................................................................202
10.6.5 Repackaging or Modifying a Software Package .......................................................203
10.6.6 Packaging In Place ...............................................................................................204
10.6.7 Following Symbolic Links in the Source ....................................................................204
10.6.8 Generating File Revisions ......................................................................................204
10.6.9 Depots on Remote File Systems ...............................................................................204
10.6.10 Verifying the Software Package .............................................................................205
10.6.11 Packaging Patch Software......................................................................................205
10.6.12 Writing to Multiple Tapes .....................................................................................205
10.6.13 Making Tapes from an Existing Depot ....................................................................206
Contents 9
11.4.1.2 LC_ALL...........................................................................................................214
11.4.1.3 LC_CTYPE.......................................................................................................214
11.4.1.4 LC_MESSAGES................................................................................................214
11.4.1.5 LC_TIME.........................................................................................................214
11.4.1.6 TZ.................................................................................................................214
11.4.2 Variables That Affect All SD-UX Scripts......................................................................214
11.4.2.1 SW_CATALOG...............................................................................................214
11.4.2.2 SW_CONTROL_DIRECTORY ...........................................................................214
11.4.2.3 SW_CONTROL_TAG......................................................................................214
11.4.2.4 SW_LOCATION ............................................................................................214
11.4.2.5 SW_PATH .....................................................................................................215
11.4.2.6 SW_ROOT_DIRECTORY .................................................................................215
11.4.2.7 SW_SESSION_OPTIONS................................................................................215
11.4.2.8 SW_SOFTWARE_SPEC...................................................................................215
11.4.3 Variables That Affect swinstall and swremove.............................................................215
11.4.3.1 SW_DEFERRED_KERNBLD ...............................................................................215
11.4.3.2 SW_INITIAL_INSTALL .....................................................................................216
11.4.3.3 SW_KERNEL_PATH ........................................................................................216
11.4.3.4 SW_SESSION_IS_KERNEL...............................................................................216
11.4.3.5 SW_SESSION_IS_REBOOT..............................................................................216
11.4.3.6 SW_SYSTEM_FILE_PATH .................................................................................216
11.4.4 Variables That Affect swverify...................................................................................216
11.4.4.1 SW_IS_COMPATIBLE.......................................................................................216
11.4.5 Environment Variables That Affect swinstall, swremove and swconfig in SRP....................216
11.4.5.1 SW_ALLOW_LOCAL_SRP_OPS.........................................................................216
11.5 Execution of Control Scripts ............................................................................................216
11.5.1 Details Common to All Control Scripts .......................................................................217
11.5.2 Checkinstall Scripts ................................................................................................217
11.5.3 Preinstall Scripts ....................................................................................................218
11.5.4 Postinstall Scripts ...................................................................................................218
11.5.5 Configure Scripts ...................................................................................................219
11.5.6 Unconfigure Scripts ................................................................................................219
11.5.7 Verify Scripts .........................................................................................................219
11.5.8 Fix Scripts..............................................................................................................220
11.5.9 Checkremove Scripts ..............................................................................................220
11.5.10 Preremove Scripts .................................................................................................220
11.5.11 Postremove Scripts .................................................................................................221
11.5.12 Request Scripts......................................................................................................221
11.6 Execution of Other Commands by Control Scripts ..............................................................222
11.7 Control Script Input and Output.......................................................................................222
11.8 File Management by Control Scripts ................................................................................224
11.9 Testing Control Scripts ...................................................................................................224
11.9.1 Testing Installation Scripts ........................................................................................225
11.9.2 Testing Configuration Scripts ...................................................................................225
11.9.3 Testing Removal Scripts ...........................................................................................226
11.10 Requesting User Responses (swask).................................................................................227
11.10.1 Using swask..........................................................................................................227
11.11 Request Script Tasks and Examples..................................................................................228
11.11.1 swask Examples.....................................................................................................229
11.11.2 swinstall Examples..................................................................................................229
11.11.3 swconfig Examples.................................................................................................229
12 Nonprivileged SD ................................................................................231
12.1 Overview......................................................................................................................231
10 Contents
12.1.1 Who Can Benefit?...................................................................................................231
12.1.2 How Does It Work?................................................................................................231
12.1.3 Limitations..............................................................................................................231
12.2 Setting Up Nonprivileged Mode......................................................................................232
12.2.1 Packaging Software for Use in Nonprivileged Mode...................................................232
12.2.2 Turning On Nonprivileged Mode.............................................................................232
12.2.3 How Nonprivileged Mode Changes SD-UX Behavior..................................................233
12.3 Default Configuration.....................................................................................................233
12.4 Alternative Configuration................................................................................................233
12.4.1 Setting the Admin Directory Option..........................................................................233
A Command Options.................................................................................235
A.1 Changing Command Options...........................................................................................235
A.2 Options Listed Alphabetically...........................................................................................236
B Troubleshooting......................................................................................261
B.1 Error Logging .................................................................................................................261
B.1.1 Error Messages .......................................................................................................261
B.1.2 Warning Messages .................................................................................................261
B.1.3 Notes ....................................................................................................................262
B.2 Common Problems .........................................................................................................262
B.2.1 Cannot Contact Target Host’s Daemon or Agent .........................................................262
B.2.2 GUI Won’t Start or Missing Support Files....................................................................263
B.2.3 Access To An Object Is Denied ................................................................................264
B.2.3.1 The Effects of ACL Modifications.........................................................................264
B.2.3.2 Do Not Modify ACL Files Without swacl.............................................................265
B.2.3.3 Inter-host Secrets..............................................................................................265
B.2.3.4 Working With Depot Images.............................................................................265
B.2.4 Slow Network Performance ......................................................................................265
B.2.5 Connection Timeouts and Other WAN Problems ........................................................266
B.2.6 Disk Space Analysis Is Incorrect ...............................................................................267
B.2.7 Packager Fails ........................................................................................................267
B.2.8 Command Logfile Grows Too Large...........................................................................267
B.2.9 Daemon Logfile Is Too Long......................................................................................267
B.2.10 Cannot Read a Tape Depot ....................................................................................268
B.2.11 Installation Fails .....................................................................................................268
B.2.12 swinstall or swremove Fails With a Lock Error.............................................................268
B.2.13 Use of Square Brackets ([ and ]) Around an IPv6 Address Causes an Error.....................268
Contents 11
Glossary..................................................................................................277
Index.......................................................................................................287
12 Contents
About This Document
This guide describes using Software Distributor (SD) to deliver, manage and maintain HP-UX
operating systems and layered software applications. This guide is written for experienced HP-UX
system administrators who are responsible for setting up and maintaining HP-UX servers and
workstations.
Intended Audience
This guide is written for the following types of users and administrators:
• Stand-alone HP-UX users, primarily concerned with quick and easy access to the right software
management tools to get their normal work done. This may include software installation,
viewing, or removal and basic depot management.
• HP-UX system administrators, primarily concerned with keeping other users up and running.
Additional software management tasks may include more complex depot management, security,
patch management, remote operations, and performance management.
• Software packagers, primarily concerned with packaging software into SD-usable format and
writing scripts that may accompany the packaged software.
The uname(1) command with the -r option returns the release identifier.
You can also determine the update release date and the Operating Environment by entering the
following:
# swlist | grep HPUX11i
The resulting output will list the current release identifier, update release date, and Operating
Environment. For example:
HPUX11i-TCOE B.11.23.0512 HP-UX Technical
Computing Operating Environment Component
The above revision string represents the following:
B.11.23 = HP-UX 11i v2
0512 = December 2005 Update Release
Typographic Conventions
We use the following typographical conventions.
Intended Audience 13
audit(5) An HP-UX manpage. audit is the name and 5 is the section in the HP-UX
Reference. On the web and on the Instant Information CD, it may be a hot link
to the manpage itself. From the HP-UX command line, enter “man audit” or
“man 5 audit” to view the manpage. See man(1).
Book Title The title of a book. On the web and on the Instant Information CD, it may be
a hot link to the book itself.
Emphasis Text that is emphasized.
Emphasis Text that is strongly emphasized.
ComputerOut Text displayed by the computer.
Command A command name or qualified command phrase.
Computer Computer font indicates literal items displayed by the computer. For example:
file not found
Filename Text that shows a filename and/or filepath.
UserInput Commands and other text that you type.
Variable The name of a variable that you may replace in a command or function or
information in a display that represents several possible values.
[ ] The contents are optional in formats and command descriptions.
{ } The contents are required in formats and command descriptions. If the contents
are a list separated by |, you must choose one of the items
... The preceding element may be repeated an arbitrary number of times.
| Separates items in a list of choices.
Publication History
The manual’s publication date and part number indicate its current edition. The publication date
will change when a new edition is released. The manual part number will change when extensive
changes are made.
To ensure that you receive the new editions, you should subscribe to the appropriate product
support service. See your HP sales representative for details.
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; March 2013,
5900-2561
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; September
2012, 5900-2488
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; March 2012,
5900-1318
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; September
2011, 5900-1318
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; September
2010, 5900-0856
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; March 2010,
5992-5187
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; September
2009, 5900-0307
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; March 2009,
5992-5875
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; September
2008, 5992-4826
14
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2, and 11i v3; December
2007, 5992–2146
• Software Distributor Administration Guide for HP-UX 11i v1, 11i v2: June 2006, B2355-90979
• Software Distributor Administration Guide for HP-UX 11i v2: September 2003, B2355-90789
• Software Distributor Administration Guide for HP-UX 11i v1.6: June 2002, B2355-90754
• Managing HP-UX Software with SD-UX
For HP-UX 11i Version 1.5: June 2001, B2355-90740
• Managing HP-UX Software with SD-UX
For HP-UX 11i: December 2000, B2355-90699
• Managing HP-UX Software with SD-UX
For HP-UX 11.00: November 1997, B2355-90154
• Managing HP-UX Software with SD-UX
For HP-UX 10.x: April 1997, B2355-90107
New editions of this manual will incorporate all material updated since the previous edition. For
the latest version, visit the BSC website at http://www.hp.com/go/sd-docs.
Related Documents
The following documents are available on the BSC website at http://www.hp.com/go/bizsupport.
• Ignite-UX Reference
• Successful System Cloning using Ignite-UX White Paper
• Configuring Bastille to Operate with Ignite-UX White Paper
• Ignite-UX Custom Configuration Files White Paper
• Successful System Recovery using Ignite-UX White Paper
• Troubleshooting Ignite-UX Installation Booting White Paper
• Read Before Installing or Updating to HP-UX
• HP-UX Installation and Update Guide
• HP-UX Reference
• Managing Systems and Workgroups: A Guide for HP-UX System Administrators
• HP-UX Patch Management
• HP System Partitions Guide
• Getting Started with Software Package Builder
• VERITAS File System 4.1 (HP OnlineJFS/JFS) and VERITAS Volume Manager 4.1 Installation
Guide
• HP-UX Secure Resource Partitions (SRP) Software Administrator's Guide
Some or all of these documents are available on the Instant Information media and in printed form.
Related Documents 15
Please include the document title, manufacturing part number, and any comment, error found, or
suggestion for improvement you have concerning this document.
16
1 Introduction to Software Distributor
This chapter contains overview information and explains important concepts that will help you use
the Software Distributor (SD-UX) commands most effectively.
Table 2 Chapter Topics
Topics:
swlist(1M) • Lists installed software or software in • “Listing Your Software (swlist)” (page 63)
depots or on media
• “Listing Registered Depots” (page 100)
• Optional GUI
swcopy(1M) • Copies software from one depot to • “Copying Software Depots” (page 86)
another
• Optional GUI
swpackage(1M) • Creates packages of software which • Chapter 10: “Creating Software Packages
can then be used as a source for other ” (page 171)
SD-UX commands
swask(1M) • Runs interactive request scripts that • Chapter 11: “Using Control Scripts ”
gather information for later use by (page 207)
swinstall or swconfig • “Requesting User Responses (swask)”
(page 227)
swacl(1M) • Specifies, lists, and changes Access • Chapter 9: “SD-UX Security ” (page 145)
Control Lists (ACLs) for SD security.
swverify(1M) • Verifies the integrity of installed software • “Verifying Your Installation (swverify)”
or depot software by comparing IPD (page 58)
information with the files actually • “Verifying a Depot (swverify -d) ” (page 102)
installed
• Runs verify and fix scripts
swmodify(1M) • Modifies the Installed Products Database • “Modifying the IPD (swmodify)” (page 74)
(IPD) and various catalog files that
contain information about the software
on the system
swreg(1M) • Registers newly created depots to make • “Registering and Unregistering Depots
them visible to other systems (swreg) ” (page 95)
sd(5) • Starts the Job Browser GUI to create, • Chapter 7: “Remote Operations Overview”
monitor, schedule, and delete jobs (page 119)
• Requires that remote operations are • Chapter 6: “Using Jobs and the Job Browser”
enabled (page 105)
swjob(1M) • Monitors jobs from the command line • “Monitoring Jobs from the Command Line”
(page 114)
• Requires that remote operations are
enabled • Chapter 7: “Remote Operations Overview”
(page 119)
• Chapter 6: “Using Jobs and the Job Browser”
(page 105)
NOTE: All examples for GUI commands in this manual also apply to the TUI.
TIP: Put /usr/sbin in your PATH to avoid typing the /usr/sbin prefix.
The TUI starts by default if you have not set the DISPLAY variable.
To invoke the GUI and specify other command-line arguments at the same time, you must include
the -i option. For example:
swinstall -i -s sw_server cc pascal
To invoke the swlist GUI, you must use always use the swlist -i option.
NOTE: You can also launch the SD-UX GUIs from HP’s System Management Homepage (SMH)
or System Administration Manager (SAM) applications.
Menu bar Provides pull-down menus for File, View, Options, Actions, and Help. Each
choice has additional submenus for more activities. Items in the menus
may or may not appear, depending on whether selections are highlighted
or not. Some actions may also be grayed out to show they are not
available for a specific item.
Message area Provides messages and system information.
View/selections Describes the current software view and the number of items selected in
the object list.
Columns Headings for columns of information in the object list.
Object list Lists software selections, bundles, products, targets, or other information
regarding selections, analysis and details.
NOTE: When you re-execute a session file, the values in the session file take precedence over
values in the system defaults file. Likewise, any command line options or parameters that you
specify when you invoke the GUI take precedence over the values in the session file.
1.3.9.1 Columns...
The View→Columns... choice brings up the Column Editor dialog (Figure 6: “Column Editor ”,),
which lets you reformat the columns for the current object list. All viewable object attributes are
listed.
The editor displays values 1 through the total number of attributes, plus an Ignore option, which
removes that attribute from display in the object list.
You can specify an attribute’s justification by clicking on the Left or Right button in the Justify
column.
1.3.9.2 Filter...
Figure 7 Filter Dialog
The View→Filter... choice displays the Filter dialog (Figure 7: “Filter Dialog”,), which lets you
specify the type of filtering desired for each attribute.
The Operator menu button lets you specify the operator for a given attribute. The following table
presents the operator types:
Table 4 Operator Types
Any Displays objects regardless of the value of the attribute.
Matches Displays objects if their attribute value exactly matches the value specified in the Value
column.
Not Displays objects whose attribute value does not match the value specified in the Value
column.
Less Than Displays objects if their attribute value is less than the value specified in the Value
column. Less than is defined as a lesser integer value or earlier in the alphabet.
Greater Than Displays objects if their attribute value is greater than the value specified in the Value
column. Greater than is defined as a higher integer value or later in the alphabet.
• For Matches and Not, use an asterisk (*)as a wildcard, and a question mark (?) to match
any single character.
• Select Apply to apply the changes made to the object list and leave the Filter dialog open.
• Select OK to apply the changes and close the Filter dialog.
• To return to the original default values, select System Defaults.
1.3.9.3 Sort...
The View→Sort... choice displays the Sort dialog (Figure 8: “Sort Dialog”,), which lets you specify
a sort method for the object list. All viewable object attributes are listed. For each attribute, you
can specify the type of sort desired.
The Priority column displays values 1 through the total number of attributes, plus an Ignore
option, which excludes the attribute from the sort. A sort priority of 1 sorts the list first on that
attribute.
• To specify whether the sort is ascending or descending, select the Direction menu button.
• To apply the changes to the objects list and remain in the Sort dialog, select Apply.
• Select OK to apply the sort and close the Sort dialog.
• Select Cancel to ignore any changes made and close the Sort dialog.
• To return to the original default sort values, select System Defaults.
1.3.10 Changing Options and Refreshing the Object List—The Options Menu
The Options menu lets you refresh the object list and change the default values of options that
control command behaviors and policies. Selecting Options→Refresh List updates the object list
to reflect any changes.
Selecting Options→Change Options opens the Options dialog (Figure 9: “Options Dialog”,), which
lets you change a limited set of options for the command. These options are changed only for the
duration of the interactive session. To change options for subsequent sessions, you must save a
session file (see “Session and File Management—The File Menu” (page 26)) or edit one of the
options files (see “Using Command Options” (page 37)).
NOTE: Use caution when changing option values. They allow useful flexibility but can produce
harmful results if changed to an inappropriate value. Use the online help and consult Appendix A
(page 235) to understand fully each option before you change it.
NOTE: Software automatically marked due to dependencies is not included in a software group.
Dependencies are recomputed each time you select Add Software Group. See “Software
Dependencies ” (page 22) for more information about dependencies
1. (Optional) To specify another host system, type a source host name, or:
a. Click on the Source Host Name button. The system displays a dialog that lists all host
system names contained in the defaults.hosts file ($HOME/.sw/defaults.hosts
or /var/adm/sw/defaults.hosts).
b. Choose a host name from the list.
c. Click OK. The host name appears in the appropriate box in the Specify Source dialog.
2. (Optional) To specify the path to the depot, type a new path, or:
a. Click on the Source Depot Path button to display a list of registered depots on the source
host.
b. Highlight one of the depots.
c. Click OK to make it appear in the Specify Source dialog.
3. Click OK. The Specify Source dialog closes, and the Software Selection window displays the
software contained in the depot you specified.
To get “context-sensitive” help for individual menu choices, fields, options, or buttons on the various
windows and menus, place the cursor on an item and press the F1 key on your keyboard (Ctrl-F
in the TUI). This displays specific help for that item.
To view overview information for each major screen, to get help on keyboard usage, or to view
other product information, select the Help menu from in the menu bar.
1.3.12.2 Keyboard...
This menu item brings up help on how to use the keyboard to control the application, covering
topics such as selection, menu bar activation and traversal, dialog box traversal, etc.
The example shows that you have several ways to specify SD-UX behavior including command-line
options (such as -f and -s), input files (mysoft and /mnt/cd), and target selections.
A complete list of command line components includes:
• Software selections and software selection files ((page 35))
• Target selections and target selection files ((page 37))
• Command-line options ((page 37))
• Session files ((page 39))
Each item on this list is discussed in more detail in the following sections.
1.4.1.1 Syntax
The software_selections syntax is identical for all SD-UX commands that require it
(bundle[.product[.subproduct][.fileset]][,version] and
product[.subproduct][.fileset][,version]):
• The = (equals) relational operator lets you specify selections with the following shell wildcard
and pattern-matching notations:
[ ] Square brackets—groups an expression
* Asterisk—wildcard for multiple characters
? Question mark—wildcard for a single character
For example, the following expression installs all bundles and products with tags that end with
man:
swinstall -s sw_server \*man
• Bundles and products are recursive. Bundles can contain other bundles. For example:
swinstall bun1.bun2.prod.sub1.fset,r=1.0
or (using expressions):
swinstall bun[12].bun?.prod.sub*,a=HP-UX
• The \* software specification selects all products.
CAUTION: To avoid data loss, use the \* specification with considerable care (such as
when removing software from the root directory, /).
1.4.2.1 Syntax
The target_selections syntax is identical for all SD-UX commands that require it:
@ [host][:][/directory] | [./relative_path] | [../relative_path]
• The @ character is optional if you are using the local host and default directory. If it is used,
it acts as a separator between operands and the destination.
• Only one @ character is needed.
• You can specify the host by its host name, domain name, or internet address. A directory can
either be an absolute pathname, or a relative pathname. If a host is specified, the directory
must be an absolute path. To specify a relative_path when no host is specified, the
relative_path must start with ./ or ../; otherwise, the specified name is considered as
a host.
• The internet address can be in IPv4 format with dot notation or in IPv6 format. When IPv6
internet address is specified, it can be optionally enclosed within square brackets [ and ].
• The : (colon) is required if you specify both a host and directory.
• On some systems, the @ character is used as the kill function. Type stty on your system to
see if the @ character is mapped to any other function on your system. If it is, remove the
mapping, change the mapping, or use \@.
NOTE: You must restart the SD-UX daemon after changing swagentd options, or the daemon will
not recognize the changes. To restart the daemon, type:
/usr/sbin/swagentd -r
1.4.3.1 Examples
To change the default value of use_alternate_source to true for all users for all future sessions
for all commands to which the option applies, place the following line in the
/var/adm/sw/defaults file:
use_alternate_source=true
To change the default value of use_alternate_source to false for your own invocations of
the command, place the following line in your $HOME/.swdefaults file:
swinstall.use_alternate_source=false
To start an interactive swinstall session using the options stored in my_install_defaults
to override any system-wide or personal defaults file values:
swinstall -i -X my_install_defaults=true
To start an interactive install session and reset the use_alternate_source default for this
session only:
swinstall -i -x use_alternate_source
See Appendix A (page 235) for a complete listing of defaults and their values and descriptions.
CAUTION: Changing the default values for command options can cause harmful results if you
specify inappropriate values.
CAUTION: While installing a patch, updating or reinstalling a product, please ensure that the
product being patched, updated or reinstalled is not in use.
Table 5 Chapter Topics
Topics:
II. Select Source Provide the location of the software depot from which the software will
be installed.
IV. Analysis (Preview) Analyze (preview) the installation to determine if the selected software
can be installed successfully.
Step I: Start-Up
To start the GUI or TUI for an install session, type:
/usr/sbin/swinstall
The GUI is automatically invoked unless you also specify software on the command line. To invoke
the GUI and specify software, include the -i option. For example, to use the GUI for a preview
(analysis only) session with BUNDLE1, type:
swinstall -i -p /MyDepot/BUNDLE1
The Software Selection window appears with the Specify Source dialog superimposed over it.
42 Installing Software
Figure 16 Specify Source Dialog
1. (Optional) To specify another host system, type a source host name, or:
a. Click on the Source Host Name button. The system displays a dialog that lists all host
system names contained in the defaults.hosts file ($HOME/.sw/defaults.hosts
or /var/adm/sw/defaults.hosts).
b. Choose a host name from the list.
c. Click OK. The host name appears in the appropriate box in the Specify Source dialog.
2. (Optional) To specify the path to the depot, type a new path, or:
a. Click on the Source Depot Path button to display a list of registered depots on the source
host.
b. Highlight one of the depots.
c. Click OK to make it appear in the Specify Source dialog.
3. Click OK. The Specify Source dialog closes, and the Software Selection window displays the
software contained in the depot you specified.
NOTE: If multiple versions of a product exist in the same depot, SD-UX lets you select only
one version during each installation session.
44 Installing Software
Figure 18 Analysis Dialog
◦ Open items to look at the projected size requirements for specific filesets.
• Re-analyze repeats the analysis process.
When Analysis completes, the status for any host displays as either Ready or Excluded from
task. If any of the selected software can be installed onto the host, the status shows Ready. If
none of the selected software can be installed onto the host, the status shows Excluded from
task.
The following list summarizes the status results. You can find details about most problems by clicking
the Logfile button.
Ready There were no errors or warnings during analysis. The
installation may proceed without problems.
Ready with Warnings Warnings were generated during the analysis. Errors and
warnings are logged in the logfile.
Ready with Errors At least one product selected will be installed or copied.
However, one or more products selected are excluded from
the task because of analysis errors. Errors and warnings are
logged in the logfile.
Communication failure Contact or communication with the intended target or source
has been lost.
Excluded due to errors Some kind of global error has occurred. For example, the
system might not be able to mount the file system.
Disk Space Failure The installation will exceed the space available on the intended
disk storage. For details, click the Disk Space button.
The Products Scheduled row shows the number of products ready for installation out of all
products selected. These include:
• Products selected only because of dependencies
• Partially selected products
• Other products and bundles that were selected
46 Installing Software
Step V: Installation
In this step, SD-UX proceeds with the actual installation.
After you click OK in the Analysis window, SD-UX starts installation and displays the Install Window,
which shows status information.
48 Installing Software
Table 7 swinstall Command Options and Default Values
• admin_directory=/var/adm/sw • max_targets=25
• agent_auto_exit=true • mount_all_filesystems=true
• agent_timeout_minutes=10000 • os_name
• allow_downdate=false • os_release
• allow_incompatible=false • patch_filter=software_specification
• allow_multiple_versions=false • patch_match_target=false
• allow_split_patches=false • patch_save_files=true
• ask=false • polling_interval=2
• autoreboot=false • preview=false
• autorecover_product=false • recopy=false
• autoremove_job=false • register_new_root=true
• autoselect_dependencies=true • reinstall=false
• autoselect_minimum_dependencies=false • reinstall_files=false
• autoselect_patches=true • reinstall_files_use_cksum=true
• autoselect_reference_bundles=true • retry_rpc=1
• codeword= • retry_rpc_interval=
• compress_index=false • reuse_short_job_numbers=true
• controller_source= • rpc_binding_info=ncacn_ip_tcp:[2121]
• create_target_path=true ncadg_ip_udp:[2121]
• rpc_binding_info_source=
• customer_id=
• rpc_binding_info_target=
• defer_configure=false
• rpc_timeout=5
• distribution_source_directory=/var/spool/sw
• run_as_superuser=true
• enforce_dependencies=true
• run_scripts=true
• enforce_dsa=true
• select_local=true
• enforce_kernbld_failure=true
• software=
• enforce_scripts=true
• software_view=all_bundles
• enforce_selections=false
• source=
• installed_software_catalog=products
• source_cdrom=/SD_CDROM
• job_title=
• source_directory=
• layout_version=1.0
• source_tape=/dev/rmt/0m
• loadorder_use_coreqs=true
• source_type=directory
• log_msgid=0
• targets=
• logdetail=false
• use_alternate_source=false
• logfile=/var/adm/sw/swinstall.log
• verbose=1
• loglevel=1
• write_remote_files=true
• lookupcache_timeout_minutes=10
• match_target=false
NOTE: If you do not specify a source, swinstall uses the local host’s default depot directory,
/var/spool/sw.
• To install a pre-determined list of software products in the file mysoft that are physically on
a CD-ROM (mounted locally at /mnt/cd) to the default directory (/) on the local host:
swinstall -f mysoft -s /mnt/cd
• To select all software in the default depot (/var/spool/sw) located on a host named server
to the default directory on host myhost and preview the process (-p) without actually installing:
swinstall -p -s server \* @ myhost
A depot location (:/depot) is not specified because it is assumed that the software is located
in the default /var/spool/sw on server and will be installed at / on myhost. The -p
analysis option is explained under “Changing Command Options” (page 56).
• To select all products named C and Pascal from the default depot on the host named
sw_server and start an interactive GUI session (-i):
swinstall -i -s sw_server C Pascal
• To update HP Omniback software (already installed in the default directory on the local host)
with a newer version from a CD-ROM mounted at /mnt/cd:
swinstall -s /mnt/cd Omniback
CAUTION: Most HP-UX products have preinstall and postinstall scripts without accompanying
undo scripts. This negates any advantage of using the autorecover_products option. Use
autorecover_products only with software that has the associated undo scripts.)
50 Installing Software
2.1.4.4 Installing Software That Requires a System Reboot
Software packaged with the is_reboot attribute set to true requires the host to be rebooted after
the software is installed. However, when installing to alternate root file systems, the host will not
be rebooted.
If a local installation entails a reboot, the system reboots the target and the controller, so there is
no process left to report success or failure. (SD-UX does not automatically reconnect to the target
after a reboot.)
To find out if a software product requires the local host to be rebooted, get a description of the
software either from the Software Selection window, using the menu item Show Description of
Software, or from the Analysis dialog using the Product Summary and Product Description buttons.
NOTE: Managing multiple versions of a software product on your system requires close attention
to the cross-product dependencies that may exist for each version. When you installing multiple
versions, make sure you also install multiple versions of the cross-product dependencies. If the
dependencies are not relocatable and each version you want to install depends on a different
version of the same product, multiple versions of the original product cannot be installed.
NOTE: HP strongly advises that you do not install software that is incompatible unless you are
advised to do so by your HP Support representative.
Table 8 Product Compatibility
Product attribute Product value (Pattern to Target Root attribute
match)
52 Installing Software
Table 8 Product Compatibility (continued)
Product attribute Product value (Pattern to Target Root attribute
match)
os_version * C uname -v
NOTE: Compatibility filtering does not apply to alternate root file systems. You must select software
that you know to be compatible with the alternate root.
NOTE: When a swinstall session includes a reboot fileset (such as when you update the core
HP-UX operating system to a newer release), the configure scripts are automatically run as part of
the system start-up process after the system reboots. You do not have to run swconfig to complete
the configuration.
Phase I: Selection
In this phase, swconfig resolves the software selections. The swconfig behavior can be controlled
using the enforce_selections option. If set to false (default), swconfig proceeds even
when only one software selection is available in the source. If set to true, swconfig proceeds
only if all of the software selections are available.
54 Installing Software
3. Check state of versions currently installed:
• If the product is non-existent or corrupt, the task issues an error that says the product
cannot be configured and to use swinstall to install and configure this product.
• If the versions currently installed are not configured and if the -u (unconfigure) option is
set, the system issues a note that the selected file or fileset is already unconfigured.
• If the state of versions currently installed is configured, the check is affected by the
reconfigure option. A note saying the fileset is already configured and will
(reconfigure is true) or will not (reconfigure is false) be reconfigured is issued.
4. Check for configuring a second version:
If the allow_multiple_versions option is set to false, an error is generated stating that
another version of this product is already configured and the fileset will not be configured. If
the option is set to true, the second version is also configured.
5. Check states of dependencies needed:
• An error or warning is issued if a dependency cannot be met. This is controlled by the
enforce_dependencies option. If enforce_dependencies is set to true the fileset
will not be configured. If enforce_dependencies is false, the fileset will be configured
anyway.
• If the dependency is a prerequisite, the configuration fails.
• If the dependency is a corequisite, the configuration of this fileset will likely succeed, but
the product may not be usable until its corequisite dependency is installed and configured.
NOTE: Products are ordered by prerequisite dependencies, if any. Fileset operations are also
ordered by any prerequisites or corequisites. The loadorder_use_coreqs option can modify
load order of the filesets. For more information on loadorder_use_coreqs, see “Options Listed
Alphabetically” (page 236).
1. (Un)configure each product.
2. Run scripts for associated filesets, checking return values.
If an error occurs, the fileset is left in the installed state. If a warning occurs, the fileset will still
be configured.
3. Update the IPD to show the proper installed or configured state.
Configure scripts must also adhere to specific guidelines. For example, these scripts are only
executed in the context of the host that the software will be running on, so they are not as restrictive
as customized scripts. For more information on scripts, see Chapter 11: “Using Control Scripts ”
(page 207).
56 Installing Software
Table 9 swconfig Command Options and Default Values
• admin_directory=/var/adm/sw • logdetail=false
• agent_auto_exit=true • logfile=/var/adm/sw/swconfig.log
• agent_timeout_minutes=10000 • loglevel=1
• allow_incompatible=false • lookupcache_timeout_minutes=10
• allow_multiple_versions=false • mount_all_filesystems=true
• ask=false • preview=false
• autoremove_job=false • reconfigure=false
• autoselect_dependencies=true • reuse_short_job_numbers=true
• autoselect_dependents=true • rpc_binding_info=ncacn_ip_tcp:[2121]
• autoselect_minimum_dependencies=false ncadg_ip_udp:[2121]
• rpc_timeout=5
• compress_index=false
• run_as_superuser=true
• controller_source=
• select_local=true
• enforce_dependencies=true
• software=
• enforce_scripts=true
• targets=
• enforce_selections=false
• verbose=1
• installed_software_catalog=products
• write_remote_files=false
• job_title=
• loadorder_use_coreqs=true
• log_msgid=0
Phase I: Selection
This phase consist of swverify resolving all information on the command line, including all necessary
host, software, dependency, and product information.
The swverify behavior can be controlled by the enforce_selections option. If set to false
(default), swverify proceeds even when only one software selection is available in the source.
If set to true, swverify proceeds only if all of the software selections are available.
58 Installing Software
1. Initiate analysis
2. Process software selections. The system accesses the Installed Products Database (IPD) or depot
catalog to get the product information for the selected software:
For installed software, the system checks that all products are compatible with its uname
attributes. This check is controlled by the default option allow_incompatible:
• If allow_incompatible is set to false, the system produces an error stating that the
product is not compatible with the host.
• If allow_incompatible is set to true, a warning is issued stating that the product is
not compatible.
3. Check for correct states in the filesets (installed, configured or available). For installed software,
swverify also checks for multiple versions that are controlled by the
allow_multiple_versions option:
• If allow_multiple_versions is false, an error is produced that multiple versions of
the product exist and the option is disabled.
• If allow_multiple_versions is true, a warning is issued saying that multiple versions
exist.
4. Check dependencies. An error or warning is issued if a dependency cannot be met.
Dependencies are controlled by the enforce_dependencies option:
• If enforce_dependencies is true, an error is generated telling you the type of
dependency and what state the product is in.
• If enforce_dependencies is false, a warning is issued with the same information.
• If the dependency is a corequisite, it must be present before the software will operate.
• If the dependency is a prerequisite, it must be present before the software can be installed
or configured.
5. Execute verify or fix scripts on installed software in prerequisite order.
A verify script is used to ensure that the configuration of the software is correct. Possible
vendor-specific tasks for a verify script include:
• Determine active or inactive state of the product.
• Check for corruption of product configuration files.
• Check for (in)correct configuration of the product into the OS platform, services or
configuration files.
• Check licensing factors.
Vendor-supplied scripts are executed and the return values generate an ERROR (1) or a
WARNING (2).
Scripts are executed in prerequisite order.
6. Perform file-level checks for:
• Contents (mtime, size and checksum) for control_files
• Contents (mtime, size and checksum) for files
• Missing control_files, files and directories
• Permissions (owner, group, mode) for installed files
• Proper symlink values
60 Installing Software
Table 10 swverify Command Options and Default Values
• admin_directory=/var/spool/sw • installed_software_catalog=products
• agent_auto_exit=true • job_title=
• agent_timeout_minutes=10000 • loadorder_use_coreqs=true
• allow_incompatible=false • log_msgid=0
• allow_multiple_versions=false • logdetail=false
• autoremove_job=false • logfile=/var/adm/sw/swverify.log
• autoselect_dependencies=true • loglevel=1
• autoselect_minimum_dependencies=false • lookupcache_timeout_minutes=10
• check_contents=true • mount_all_filesystems=true
• check_contents_uncompressed=false • public_key=
• check_contents_use_cksum=true • reuse_short_job_numbers=true
• check_permissions=true • rpc_binding_info=ncacn_ip_tcp:[2121]
• check_requisites=true ncadg_ip_udp:[2121]
• rpc_timeout=5
• check_scripts=true
• run_as_superuser=true
• check_volatile=false
• select_local=true
• controller_source=
• software=
• distribution_target_directory= /var/spool/sw
• target_directory=
• enforce_dependencies=true
• verbose=1
• enforce_selections=false
• verify_signatures=false
• fix=false
• verify_signatures_only=false
◦ Close Level to close the current item and displays the next higher level of objects.
◦ Show Description of Software... to display attribute information about the current item.
• admin_directory=/var/adm/sw • rpc_binding_info=ncacn_ip_tcp:[2121]
• agent_timeout_minutes=10000 ncadg_ip_udp:[2121]
• rpc_timeout=5
• codeword=
• run_as_superuser=true
• customer_id=
• select_local=true
• distribution_target_directory=/var/spool/sw
• show_superseded_patches=false
• installed_software_catalog=products
• software=
• layout_version=1.0
• software_view=all_bundles
• level=
• target_directory=
• log_msgid=1
• targets=
• lookupcache_timeout_minutes=10
• verbose=1
• one_liner=revision title
• patch_one_liner=title patch_state
# Bundle(s):
HMS 1.01
OBAM5_0 B.11.00 ObAM 5.0
Using swlist with no options set and no software selected gives you a listing of all software
bundles plus all products that are not part of a bundle. Adding the -d option gives you the same
listing of software residing in the default depot on your local host.
• List all the media attributes of the local tape depot, /dev/rmt/0m:
swlist -v -l depot @ /dev/rmt/0m
— or —
swlist -vl depot -s dev/rmt/0m
type distribution
tag CORE OS
description HP-UX Core Operating System Software Disk
number B2358-13601
mod_date June 1998
• List the README file for product, OS_CORE installed on the local host:
swlist -a readme OS-Core | more
readme:
****************
* Introduction *
****************
• List the products stored in the software depot on host1 located at /swmedia. For this example
assume the swlist one_liner is: “title size architecture”:
swlist -d @ host1:/swmedia
FRAME Frame Doc. Pkg 2319 HP-UX_9000_Series_AorB
FRAME Frame Doc. Pkg 2458 OSF1_9000_Series_1.0
ME30 3-D Mech. Eng 5698 HP-UX_9000_Series300_AorB
SOFTBENCH Dev Env 4578 HP-UX_9000_Series300
TEAMWORK Design/Analysis 3478 HP-UX_9000_Series 300/400
(Note that the media contains two revisions of the FRAME product.)
NOTE: Whatever you specify in the command line for software level and attributes will override
the values in the default option files.
swlist -l root Shows the root level (roots on the specified target hosts)
swlist -l file Shows products, subproducts, filesets, files and numbers (used in software
licensing).
swlist -l category Shows all categories of available patches for patches that have included
category objects in their definition.
The starting point for a software list is always taken from the operands in the -l and -a options
(or from the level or one_liner options). You must decide what levels you want and what
software attributes to list in addition to the product name.
NOTE: Examples in the following sections do not include a value for the one_liner option.
prerequisite A fileset that the current fileset needs to install or configure correctly
NOTE: In general, use caution when using the -u option with the -a option. If -u is used and
-a is also specified, the -a option deletes the attribute from the given software_selections
(or deletes the value from the set of values currently defined for the attribute).
• admin_directory=/var/adm/sw • logfile=/var/adm/sw/swmodify.log
• allow_large_files=false • loglevel=1
• compress_index=false • lookupcache_timeout_minutes=10
• control_files= • patch_commit=false
• distribution_target_directory=/var/spool/sw • run_as_superuser=true
• files= • software=
• installed_software_catalog=products • source_file=
• layout_version=1.0 • target_directory=
• log_msgid=0 • targets=
• logdetail=false • verbose=1
Unsupported Tasks
Removing a category from the IPD listed in swlist -l category using swmodify command is
not supported.
III. Analysis (Preview) Analyze (preview) the removal to determine if the selected software can
be successfully removed.
Step I: Start-Up
To start the GUI or TUI for an removal session, type:
/usr/sbin/swremove
The GUI is automatically invoked unless you also specify software on the command line. To invoke
the GUI and specify software, include the -i option. For example, to use the GUI for a preview
(analysis only) session with BUNDLE1, type:
swremove -i -p /MyDepot/BUNDLE1
The Software Selection window appears.
After analysis, if any of the selected software can be removed, the status indicates Ready or Ready
with Warnings. If none of the selected software can be removed, the status indicates Excluded
from task.
The Products Scheduled column shows the number of products ready for removal out of all
products selected. The total products ready includes those products that are:
• Marked because of dependencies
• Marked inside of bundles
• Partially and wholly marked
A product may be automatically excluded from the removal if an error occurs with that product.
Removal cannot proceed if the host target is excluded from the removal. If the host fails the analysis,
a warning dialog appears.
The following actions are also available:
• Product Summary gives additional information about the product or bundle and provides a
Product Description button that displays information about additional information about
dependencies, copyright, vendor, etc.
The Projected Action column describes what type of removal is being done. The possible
types are:
Remove The product exists and will be removed.
Filesets Not Found The system did not find the filesets as specified.
Skipped The product will not be removed.
Excluded The product will not be removed because of some analysis phase
errors. See the logfile for details about the error.
(The Product Summary List is not an object list. You cannot open the products, perform actions,
or change the column view.)
• Logfile presents a scrollable view of detailed removal information written to the logfile.
• Re-analyze repeats the analysis process.
• admin_directory=/var/adm/sw • loglevel=1
• agent_auto_exit=true • lookupcache_timeout_minutes=10
• agent_timeout_minutes=10000 • mount_all_filesystems=true
• auto_kernel_build=true • polling_interval=2
• autoreboot=false • preview=false
• autoremove_job=false • remove_empty_depot=true
• autoselect_dependents=false • remove_empty_depot_directory=false
• autoselect_reference_bundles= true • reuse_short_job_numbers=true
• compress_index=false • rpc_binding_info=ncacn_ip_tcp:[2121]
• controller_source= ncadg_ip_udp:[2121]
• rpc_timeout=5
• distribution_target_directory= /var/spool/sw
• run_as_superuser=true
• enforce_dependencies=true
• run_scripts=true
• enforce_scripts=true
• select_local=true
• enforce_selections=false
• software=
• force_single_target=false
• software_view=products
• installed_software_catalog=products
• target_directory=
• job_title=
• targets=
• loadorder_use_coreqs=true
• verbose=1
• log_msgid=0
• write_remote_files=false
• logdetail=false
• logfile=/var/adm/sw/swremove.log
Create swcopy, swpackage • Chapter 10: “Creating Software Packages ” (page 171)
• “Creating a Tape Depot for Distribution” (page 98)
Additional tasks • “Additional Depot Management Tasks and Examples” (page 98)
Step I: Start-Up
To start the GUI or TUI for an copy session, type:
/usr/sbin/swcopy
The GUI is automatically invoked unless you also specify software on the command line. To invoke
the GUI and specify software, include the -i option. For example, to use the GUI for a preview
(analysis only) session with MyDepot, type:
swcopy -i -p /MyDepot
The Software Selection window appears with the Specify Source dialog and the Select Target
Depot Path dialogs superimposed over it.
1. (Optional) To specify another host system, type a source host name, or:
◦ Open items to look at the projected size requirements for specific filesets.
• Re-analyze repeats the analysis process.
When Analysis completes, the status for any host displays as either Ready or Excluded from
task. If any of the selected software can be copied onto the host, the status shows Ready. If
none of the selected software can be copied onto the host, the status shows Excluded from
task.
The following list summarizes the status results. You can find details about most problems by clicking
the Logfile button.
Ready There were no errors or warnings during analysis. The copy
may proceed without problems.
Ready with Warnings Warnings were generated during the analysis. Errors and
warnings are logged in the logfile.
Ready with Errors At least one product selected will be copied. However, one or
more products selected are excluded from the task because of
analysis errors. Errors and warnings are logged in the logfile.
Communication failure Contact or communication with the intended target or source
has been lost.
Excluded due to errors Some kind of global error has occurred. For example, the
system might not be able to mount the file system.
Disk Space Failure The copy will exceed the space available on the intended disk
storage. For details, click the Disk Space button.
• admin_directory=/var/adm/sw • polling_interval=2
• agent_auto_exit=true • preview=false
• agent_timeout_minutes=10000 • recopy=false
• allow_split_patches=false • register_new_depot=true
• autoremove_job=false • reinstall=false
• autoselect_dependencies=true • reinstall_files=true
• autoselect_minimum_dependencies=false • reinstall_files_use_cksum=true
• autoselect_patches=true • remove_obsolete_filesets=false
• autoselect_reference_bundles=true • retry_rpc=1
• codeword= • retry_rpc_interval={0}
• compress_files=false • reuse_short_job_numbers=true
• compress_index=false • rpc_binding_info=ncacn_ip_tcp:[2121]
• controller_source= ncadg_ip_udp:[2121]
• rpc_binding_info_source=
• create_target_path=true
• rpc_binding_info_target=
• customer_id=
• rpc_timeout=5
• distribution_source_directory= /var/spool/sw
• run_as_superuser=false
• distribution_target_directory= /var/spool/sw
• select_local=true
• enforce_dependencies=true
• software=
• enforce_dsa=true
• software_view=all_bundles
• enforce_selections=false
• source=
• job_title=
• source_cdrom=/SD_CDROM
• layout_version=1.0
• source_directory=
• loadorder_use_coreqs=true
• source_tape=/dev/rmt/0m
• log_msgid=0
• source_type=directory
• logdetail=false
• target_directory=
• logfile= /var/adm/sw/swcopy.log
• targets=
• loglevel=1
• uncompress_files=false
• lookupcache_timeout_minutes=10
• use_alternate_source=false
• max_targets=
• verbose=1
• mount_all_filesystems=true
• write_remote_files=true
• patch_filter=software_specification
• patch_match_target=false
NOTE: Registration of a depot does not enforce any access restrictions. Access enforcement is
left to SD security (see Chapter 9: “SD-UX Security ” (page 145)). Registration with swreg requires
insert permission in the host’s ACL.
4.3.3 Authorization
To register a new depot or to unregister an existing depot, swreg requires read permission on
the depot in question and insert permission on the host. To unregister a registered depot, the swreg
command requires write permission on the host. See Chapter 9: “SD-UX Security ” (page 145) for
more information on permissions.
• admin_directory=/var/adm/sw • rpc_binding_info=ncacn_ip_tcp:[2121]
• distribution_target_directory=/var/spool/sw ncadg_ip_udp:[2121]
• rpc_timeout=5
• level=
• run_as_superuser=true
• log_msgid=0
• select_local=true
• logfile=/var/adm/sw/swreg.log
• select_local=true
• logdetail=false
• target_directory=
• loglevel=1
• targets=
• lookupcache_timeout_minutes=10
• verbose=1
• objects_to_register=
NOTE:
• For a depot originially provided by HP, signature verification for depot metadata as well as
all bundles, products, and filesets must pass.
• If a depot provided by HP is copied using swcopy to another depot, signature verification
for the depot and bundle metadata would fail as the copied depot is not shipped by HP.
• To retain the depot metadata and bundle signatures, a filesystem copy of the depot must be
done instead of swcopy.
• Currently, swverify verifies signatures for all products in the depot irrespective of the
software_selections.
TIP: Use the mod_time as a convenient sort field (a single integer), and use mod_date to
include human-readable output. (Place mod_time at the end of the display where it’s less visible.)
NOTE: By default the output of swlist will reflect the POSIX format for attributes. This may
affect users who parse this output.
In the following examples, swlist output requests are sent to standard output. All examples
assume the one_liner option is revision size title and the level option is product
or undefined.
List the contents of the local tape depot, /dev/rmt/0:
swlist -d @ /dev/rmt/0
AUDIT 3.5 9834 Trusted Systems Auditing Utils
COMMAND 1.7 4509 Core Command Set
C-LANG 2.5 5678 C Programming Language
DISKLES 1.8 6745 HP Cluster Commands
KERNEL 1.4 56908 Kernel Libraries and Headers
VUE 1.3 5489 Vue (Instant Ignition Release)
WINDOWS 2.06 10423 Windowing Products
List the media attributes of the local tape depot, /dev/rmt/0:
swlist -d -v -l depot @ /dev/rmt/0
type distribution
tag CORE OS
description HP-UX Core Operating System Software Disc
number B2358-13601
date June 1991
List the products stored in the software depot on host1 located at /swmedia. For this example
assume one_liner is title size architecture:
swlist -d @ host1:/swmedia
FRAME Frame Document Pkg 2319 HP-UX_9000_Series700/800_AorB
FRAME Frame Document Pkg 2458 OSF1_9000_Series700_1.0
ME30 3-D Mechanical Eng 5698 HP-UX_9000_Series300/800_AorB
SOFTBENCH Softbench Development Env 4578 HP-UX_9000_Series300
TEAMWORK Tmwk. Design/Analysis 3478 HP-UX_9000_Series300/400
Note that the media contains two versions of the FRAME product.
NOTE: The swverify command does not execute vendor-supplied verification scripts within a
depot.
NOTE: The HP patch resources are for HP-related patches only. To install or upgrade other vendor
patches and applications, refer to the appropriate vendor documentation
103
104
6 Using Jobs and the Job Browser
This chapter describes SD-UX jobs and the Job Browser interface for remote operations. For
additional information on remote operations, see Chapter 7: “Remote Operations Overview”
(page 119).
Table 25 Chapter Topics
Topics:
6.1 Introduction
The Job Browser GUI, an interactive interface for managing remote operations. The Job Browser
lets you:
• Create copy, install, or remove jobs
• Monitor job status and logfiles
• List job information
• Schedule jobs
The swjob command lets you monitors jobs from the command line. Various command options
help you manage and tune performance of jobs and remote operations.
NOTE: The Terminal User Interface (TUI) has some limitations when used with the Job Browser:
• Error-handling messages may garble the screen. Type Ctrl-L to refresh the screen if this happens.
• If you display Actions→Job Description→Show Options, some scrolling is required to view the
entire screen.
This icon represents an install job. The ruler on the side indicates that the job is active.
This icon represents an install job that is scheduled for a later time. The clock face indicates that
it is a scheduled job.
This icon represents an install job that completed, but contained warnings. The background around
the icon is yellow.
This icon represents an install job that completed, but contained errors. The background around
the icon is red.
This icon represents a verify job (represented by a magnifying glass) that completed, but contained
errors. The background around the icon is red.
6.2.5.1 Shortcuts
To display a pop-up menu of job-specific actions, right-click on a job icon, then left-click. This
displays a pop-up Actions menu items. Choose an action by clicking with either mouse button.
Double clicking on a job displays the Job Results dialog (same as Actions→Show Job Results....)
NOTE: For performance reasons, a maximum of 250 targets are listed at once. If there are more
then 250 targets for the job, Next and Previous buttons appear to let you view groups of 250
targets. Showing only warnings or errors can reduce the number of targets displayed.
◦ alternate root
◦ depot
• Selecting Show Options... displays the Job Options dialog. This lets you see the options used
to create this job.
• Selecting Show Results... displays the Job Results dialog, which shows the latest status
information on the job.
• Select OK in the Job Description dialog to return to the Job Browser. You can display the same
information by double clicking on a job.
• If you remove a scheduled job that has not yet run, the job is never run.
• You cannot remove a job that is in progress.
title A title specified for the job by using the job_title option in swconfig, swcopy,
swinstall, swremove, or swverify (see “Managing and Tuning Jobs with Command
Options” (page 116))
lastupdate Date at which information for this job was last updated
NOTE: You cannot specify any other -a options in the same command if you use -a log.
To remove job information for all previous jobs:
swjob -u \*
7.1 Introduction
In addition to its ability to “pull” software from a central depot, Software Distributor also provides
powerful features for remote operations that let you “push” software to remote systems (targets)
from the local host. You can use these features interactively and monitor results of all SD-UX
commands with the Job Browser or from the command line with the swjob command.
NOTE: The Terminal User Interface (TUI) is not available for remote operations.
NOTE: You must restart the SD-UX daemon if you change daemon options, or the system will not
recognize the changes. See “Using Command Options” (page 37) for more information.
7.1.1.10 Limitations
• You cannot use remote operations to directly “push” an HP-UX OS update to remote systems.
• Remote operations do not apply to the following SD-UX commands:
◦ install-sd
◦ swpackage
◦ swmodify
NOTE: The Terminal User Interface (TUI) is not available with remote operations.
2. Enter the primary root name in the Hostname: area and select Add.
3. The Select Target Path dialog appears. The default path is root (/). To accept the default root
(/), click OK.
4. After selecting the root path, the Hostname and Root Path are automatically updated in the
Add Target dialog (Figure 46: “Add Targets Dialog ”,). To add additional targets, repeat 2.
5. Select OK in the Add Targets dialog. This adds your selections to the Target Selection Window.
Each target is contacted as it is added to the Target Selection Window. Networking may
At this point, all desired targets should be listed and have Yes in the Marked? column. If you
have not marked any targets, you cannot proceed to the Selecting Software phase.
NOTE: You can also set up remote access by using swacl directly on the remote machines to
grant root or non-root access to users from the controller system.
Step I: Start-up
To initiate an install session:
1. Start the Job Browser by typing:
sd
2. From the Job Browser window, choose
Actions→Create Job→Install Software...
The message “Invoking a swinstall process” displays at the bottom of the window,
then the Target Selection Window appears.
3. Use the current root path (/) by selecting OK. This returns you to the Add Targets dialog.
4. Select OK in the Add Targets dialog. This updates the Target Selection Window with your
target selection. Yes appears in the Marked column, indicating that the target is marked for
installation.
5. Choose Actions→Show Software for Selection. The Specify Source dialog appears.
1. The Specify Source dialog should list your controller name or your remote test system name
in the Source Host Name... field and the example depot that you created
(/var/adm/sw/examples/depot) in the Source Depot Path... field.
From this dialog, you can also:
• Click on the Source Host Name... button to display a list of hosts that you can select from.
• Click on the Source Depot Path... to display a list of registered depots that you can select
from.
Click OK. The Software Selection Window appears (Figure 50: “Software Selection Window”,).
This window displays all available software in the depot that you selected.
The Software Selection Window object list is hierarchical: you can open each object in the list and show objects
contained inside. Objects in the list that contain other objects that can be opened, have an arrow (→) after the
name.
For example:
• To see the subproducts in the product SD-DATABASE, double click on it. The object list displays the subproducts.
To open a subproduct, double click on the name. (Or highlight the name and then select Actions→Open Item.)
• To close an object and return to the previous list, double click on the first item in the list (..(go up)) or
highlight the item and selecting Actions→Close Level.
Note that products are listed together, but subproducts and filesets may appear in the same list when you
open a product.
3. Choose Actions→Install. This displays the Install Preferences dialog (Figure 51: “Install
Preferences Dialog”,).
2. Select Done to exit the Install Window dialog. This returns you to the Target Selection Window.
3. Select File→ Exit to return to the Job Browser.
4. (Optional) Select another target for installation (i.e., Actions→Mark for Install).
For more information about swlist, see “Listing Your Software (swlist)” (page 63).
NOTE: On HP-UX 11i v3, the internet address can also be specified in the IPv6 format. When
IPv6 internet address is specified, it can be optionally enclosed within square brackets [ and ].
NOTE: The host can be an internet address either in IPv4 format with dot notation or in IPv6
format. When IPv6 internet address is specified, it can be optionally enclosed within square brackets
[ and ].
7.6.2 Examples
7.6.2.1 swacl
To list the global product template ACL on remote host gemini:
# swacl -l global_product_template @ gemini
If 3ffe:ffff:101::230:6eff:fe04:d9ff is the IPv6 address of gemini, then the global
product template ACL on the remote host gemini can also be listed with the following command:
# swacl -l global_product_template @ 3ffe:ffff:101::230:6eff:fe04:d9ff
7.6.2.3 swconfig
To configure the C and Pascal products on three remote hosts:
# swconfig cc pascal @ hostA hostB hostC
To configure C on the remote host with the IPv6 address
ffe:ffff:101::230:6eff:fe04:d9ff:
# swconfig cc @ [ffe:ffff:101::230:6eff:fe04:d9ff]
7.6.2.4 swcopy
To copy the C and Pascal products to one local and two remote depots:
# swcopy -s sw_server cc pascal @ /var/spool/sw \
hostA:/tmp/sw hostB
To copy C and Pascal products from a remote depot to a local depot with the IPv6 address
2620:0:a07:e020:21a:4bff:fef3:90e8:
# swcopy -s [2620:0:a07:e020:21a:4bff:fef3:90e8]:/mydepot cc pascal @ /var/spool/sw
7.6.2.5 swinstall
To install the C and Pascal products to three remote hosts:
# swinstall -s sw_server cc pascal @ hostA hostB hostC
To install C and Pascal products to a remote host with the IPv6 address
2620:0:a07:e020:21a:4bff:fef3:90e8:
# swinstall -s sw_server cc pascal @ [2620:0:a07:e020:21a:4bff:fef3:90e8]
7.6.2.6 swjob
The swjob command lets you monitors jobs from the command line. For more information about
jobs, see Chapter 6: “Using Jobs and the Job Browser” (page 105) and “Monitoring Jobs from the
Command Line” (page 114).
To list the agent log of remote system TargetA for job hostA-0001:
# swjob -a log hostA-0001 @ targetA :/
To list the agent log of remote system TargetA for job hostA-0001 using the IPv6 address
2620:0:a07:e020:21a:4bff:fef3:90e8 of TargetA:
# swjob -a log hostA-0001 @ 2620:0:a07:e020:21a:4bff:fef3:90e8:/
7.6.2.7 swlist
To list the C product on three remote hosts:
# swlist cc @ hostA hostB hostC
To list the C product on remote host with the IPv6 address
2620:0:a07:e020:21a:4bff:fef3:90e8:
# swlist cc @ 2620:0:a07:e020:21a:4bff:fef3:90e8
7.6.2.9 swremove
To remove the C and Pascal products from three remote hosts:
# swremove cc pascal @ hostA hostB hostC
To remove the C and Pascal products from the remote hosts with the IPv6 address
ffe:ffff:101::230:6eff:fe04:d9ff:
# swremove cc pascal @ ffe:ffff:101::230:6eff:fe04:d9ff
7.6.2.10 swverify
To verify the C and Pascal products on three remote hosts:
# swverify cc pascal @ hostA hostB hostC
To verify the C and Pascal products on the remote hosts with the IPv6 address
2ffe:ffff:101::230:6eff:fe04:d9ff:
# swverify cc pascal @ 2ffe:ffff:101::230:6eff:fe04:d9ff:
8.1 Overview
SD-UX install and copy throughput are dependent on the following factors:
• Speed of the network
• Size (i.e., number of bytes) of the product being transferred
• Number of files being transferred
• Number of targets any one source is serving simultaneously
SD-UX provides many features that can be used together to increase the speed and success rates
of distributed installations and copies. Many features are controlled by options set in the system
defaults file, separate options file, command line, or GUI. This lets you set these features and
options to best suit your own particular network and software needs.
These options and features can be categorized as follows:
• Group and source options: SD-UX eliminates the need to duplicate specification of commonly
used groups of targets and software. Also, using the source option to specify a main depot
reduces the number of dialog boxes.
• Large numbers of targets: Options that limit the number of simultaneous targets.
• Timeout options: Options that control how long the task attempts to retry low-level
communications for file transfers before giving up.
• Retry RPC and retry intervals: Options that control the intervals between retries when the
controller or targets attempt to re-establish lost connections.
• Retry command: Options that facilitate retrying operations that have failed. These can be used
in conjunction with the checkpointing features or can start the task from the beginning.
NOTE: When setting retry_rpc to a value greater than 0, the reinstall_files option
should also be set to false (the default value), so the same files are not recopied when a fileset
is retried.
The maximum possible amount of time spent waiting for the timeout is affected by a combination
of rpc_timeout, retry_rpc, and retry_rpc_interval.
For troubleshooting information on Timeout options, refer to “Connection Timeouts and Other WAN
Problems ” (page 266).
NOTE: This behavior requires that either the product or fileset have a revision defined.
The current state and revisions of filesets can be displayed with the command:
swlist [-d] -l fileset -a revision -a state
If there is an error installing a fileset in the product that causes the install to fail (e.g., lost connection
to the source), all filesets in the product are changed from transient to corrupt. (All filesets are
assumed corrupt since the product level postinstall script has not been run yet. In actuality, the
filesets may be properly installed.)
Independent of a fileset being installed (either properly or in a corrupt state) you can determine
whether any particular file is installed properly with a high degree of certainty through the file’s
size, mtime, and cksum attributes. Through these file attributes, checkpointing at the file level is
approximated (this is described in the previous section).
8.8 Compression
The swinstall and swcopy commands can transfer large amounts of data over the network
from depots to targets. The SD-UX compress_files option can improve performance by first
compressing files that are to be transferred. This can reduce network usage by approximately 50%;
the exact amount of compression depends on the type of files. Binary files compress less than 50%;
text files generally compress more.
Set this option to true only when network bandwidth is clearly restricting total throughput. If it is
not clear that this option will help, compare the throughput of a few swinstall or swcopy tasks
(i.e., with and without compression) before changing this option value.
You can use swcopy to compress files and leave them compressed in a target depot or compress
before network transfer and uncompress afterward.
Precompressing a depot is advantageous when installing or copying to multiple targets. If the
source depot is not already compressed, then each file is recompressed for each target.
You can set uncompress_files to true to leave a depot uncompressed after copying with
swcopy. For swinstall, the compress_files option will compress all uncompressed files
before network transfer. Files are always uncompressed before installing them to the target file
system.
8.9 Staging
The standard way to install software onto multiple targets is to specify a single source depot and
each target that is to receive the software. However, some software distribution environments
require that you manage software on large numbers of geographically dispersed target systems.
This may require the use of one or more intermediate source depots or staging areas. This variant
on the standard model is referred to as a staged installation.
There are two reasons for using a staged installation:
1. Minimize the amount of data transferred across a slow and expensive segment of your network.
2. More easily ensure a successful installation on all targets by reducing the risk of an unreliable
segment in your network.
If your environment has targets organized in separate, local area networks (LAN) and connected
via a low-throughput, less-reliable wide area network (WAN), staging software to intermediate
depots that are local to each grouping of targets and then doing the installation using these
intermediate depots reduces the amount of data that travels over the WAN segment.
By doing so, you also decrease the likelihood that a problem with the WAN will interrupt the
installation step.
Before you do a staged installation, you must first decide where the intermediate depots should
reside. Here are two possible approaches:
1. If the targets are grouped, you can put an intermediate depot on one system in each group
and configure the other targets to use it as their alternate source. This approach requires that
each target in the group be configured to use the designated intermediate depot.
2. If making sure that installations succeed is of highest importance, you can locate the
intermediate depots on the targets themselves, one-per-target. An advantage to this approach
is that it doesn’t necessarily require that you configure an alternate source on each target.
However, this approach requires that each target system have enough disk space to
accommodate the intermediate depot.
To do a staged installation:
1. First, decide on the location of the intermediate depots and use the swcopy command to copy
the software from your master depot to them. This step is no different from a normal multi-target
copy operation.
swcopy -s master -t depot_list NewApp
In this example, the master source depot containing the product NewApp is in the default
/var/spool/sw depot location and a file named depot_list contains the list of
intermediate depots.
The depot_list could identify the designated intermediate depots that have been configured
for each group of targets, or it could identify an intermediate depot located on each target.
2. Next, use the swinstall command combined with the option
use_alternate_source=true to do the actual installation. The use_alternate_source
NOTE: Patches created using the features capabilities described may maintain saved files. In
this case, patches can be removed (rolled back) or committed (by removing saved files). See
Chapter 5: “HP-UX Patching and Patch Management” (page 103) for more information on patches.
NOTE: The use of autorecover_product=true during an update of the HP-UX OS is not
supported.
NOTE: The allow_multiple_versions option must be set to true for swinstall to install
multiple versions of the software. The new version will not be configured by swinstall if there
is another version configured.
After a second version has been installed, each version can be identified either by the location
(Foo,l=/opt/foo and Foo,l=/opt/foo.v2), by the revision (Foo,r=1.0 and Foo,r=2.0),
or both. You can list the locations and revisions of all versions with:
swlist -l fileset -a location -a revision
NOTE: By default, only one version of the software is allowed to be configured at a time.
The second version can not be configured until the first one is unconfigured. As was discussed in
“Installation With Separate Configuration” (page 143), installing a second version automatically
excludes configuring the new version.
You must manually unconfigure the old version, then configure the new version. If the software
supports multiple configured versions (in addition to multiple installed versions) the
swconfig.allow_multiple_versions option can be set to true.
In case of any problems, the old version can be restored as the active version by unconfiguring
the new version and reconfiguring the old (i.e., by swconfig -u with the new version and
swconfig with the old version).
In order to support multiple versions, the software must be structured so that all files are below the
product directory, and the configure scripts need to be written with multiple version support in
mind. In a simple example, the configure script could add a symbolic link from /usr/bin/foo
to $SW_LOCATION/bin/foo, and the unconfigure script could remove that link. In this example,
configuring and unconfiguring each version of this software is easily done.
9.1 Overview
Along with the traditional HP-UX file access protection, SD-UX uses Access Control Lists (ACLs) to
authorize access to the primary objects on which it manages software:
• Hosts
• Roots (software installed on a host)
• Depots
• Products within depots
An ACL consists of a set of entries associated with an object when it is created.
swacl Syntax
swacl -l level [-D acl_entry|-F acl_file|-M acl_entry]
[-f software_file][-t target_file]
[-x option=value] [-X option_file]
[software_selections] [@ target_selection]
NOTE: You can change an ACL with -D, -F, or -M command options. You can only specify one
of these options per command because they are mutually exclusive. If you don’t specify a -D, -F,
or -M option, swacl prints the specified ACLs.
-D acl_entry Deletes an existing entry from the ACL associated with the specified
object. You can enter multiple -D options.
-F acl_file Assigns the ACL information contained in acl_file to the object.
All existing entries are removed and replaced by the entries in the
file. You can enter only one -F option.
-M acl_entry Adds a new ACL entry or changes the permissions of an existing
entry. You can enter multiple -M options.
-f software_file Reads a list of software selections from a separate file instead of
from the CLI. (See “Software Files” (page 36).)
-t target_file Reads a list of target host selections from a separate file instead of
from the CLI. (See “Target Files” (page 37).)
-x option=value Lets you change an option on the command line interface (CLI) that
overrides the default value or a value in an alternate options file
(-X option_file). See “Changing Command Options” (page 147).
• admin_directory=/var/adm/sw • rpc_timeout=5
• distribution_target_directory=/var/spool/sw • run_as_superuser=true
• installed_software_catalog=products • select_local=true
• level= • target_directory=
• log_msgid=0 • targets=
• lookupcache_timeout_minutes=10 • verbose=1
• rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
ACLs offer a greater degree of selectivity than do permission bits. An ACL extends the concept of
the HP-UX file system’s permission bits by letting you specify different access rights to several
individuals and groups instead of just one of each.
For example, if you set up remote operations, you must make some elementary changes to the
security ACLs on the remote systems. See “Setting Up Remote Operations” (page 124).
The ACLs changed are those protecting the source host (the host ACL), the host’s template ACLs
used in subsequent operations to produce ACLs for products (the global_product_template),
and depot/root containers (the global_soc_template). When changed, these ACLs grant
users on the source host the same permissions on the destination host as they have locally on the
source host. In addition, an entry for the superuser at the source host was added. This lets the
controller system’s superuser perform software distribution tasks on the remote system without
having to reconfigure ACLs.
If you need to change security, the following tasks can be performed (i.e., to understand and
modify the default setup):
• Listing user access
• Allow user to manage products in a depot
• Allowing users to manage roots
• Restricting read access to a depot
• Adding target hosts
• Temporarily restricting access to a depot
• Closing the SD-UX network
• Editing an ACL
• To list the users with access to the default depot (optionally on a remote host):
swacl -l depot @ newdist
#
# swacl Depot Access Control List
#
# For depot: newdist:/var/spool/sw
#
# Date: Fri Nov 03 11:23:51 2001
#
NOTE:
• Because software installation usually involves modification of system files during configurations,
software install and configure scripts are run as the superuser. Therefore, granting a user write
permission on a root is essentially giving them superuser access for managing software.
• "*" (for zero or more characters) and "?" (for a single character) are the wildcards allowed
in the hostname. A hostname can contain multiple wildcard characters. For example:
sw*.??.hp.com.
NOTE: The r (read) permission allows the user to access the depot and products, and the t (test)
permission allows the user to list the ACLs.
NOTE: "*" and "?" wildcards are allowed anywhere in the hostname for host ACL type.
NOTE: It is possible to edit an ACL so that you cannot access it! Caution should be used to avoid
accidentally removing your own control (c) permissions on an ACL. As a safeguard, the local
superuser may always use swacl to edit SD-UX ACLs.
Here are some examples based on the following ACL that is protecting a product (FORTRAN)
created by user rob whose local host is lehi.fc.hp.com:
# swacl Product Access Control Lists
#
# For host: lehi:/
#
# Date: Mon Nov 06 16:39:58 2001
#
# For product: FORTRAN,r=9.0,v=HP
# Object Ownership: User=root
# Group=sys
# Realm=lehi.fc.hp.com
# default_realm=lehi.fc.hp.com
object_owner:crwit
user:barb:-rt
user:ramon:-rt
group:swadm:crwit
host:alma.fc.hp.com:-rt
any_other:-rt
You can list the ACLs for the product is FORTRAN in depot /var/spool/sw (the default depot)
and prepare it for editing:
# swacl -l product FORTRAN >acl_tmp
This will bring the above ACL into the file acl_tmp, and it is ready for editing. Edit the acl_tmp
file with any suitable text editor.
To replace all entries in the ACL for FORTRAN, type:
# swacl -l product -F acl_tmp FORTRAN
To edit the default product template on a depot /var/spool/sw_dev, use:
NOTE: The local superuser has access to all local SD-UX objects irrespective of ACLs.
The ACL matching algorithm is:
1. If user is local superuser, then grant all permissions.
2. If user is owner of the object, then grant object_owner permissions.
3. If user matches a user entry, then grant user permissions.
4. If any group entries match, then accumulate the permissions granted by all group entries that
match the user’s primary and supplementary groups.
5. If an appropriate other entry matches, then grant other permissions.
6. If an any_other entry, then grant any_other permissions.
7. Grant no permissions.
NOTE: The host cannot be specified in the IPv6 format. This feature is not supported in ACL
entries.
TIP: Do not confuse the host object (which is a computer system that contains depots, roots, and
software) with the host entry type (which defines permissions for access to target systems).
The user and group of the object’s owner are determined and automatically recorded at the time
the object is created (based on the identity of the person who creates it). This information is recorded
as user, group, and realm. An object_owner or object_group entry type in an ACL
causes the SD-UX ACL manager to look up the owner and group information on the object; and if
a match to the requester is found, grant permissions as specified.
There may be many user, group, and host type entries per ACL, while there may be only one
of each of object_owner, object_group and any_other. There may be at most one local
(i.e., no key) other entry and an unlimited number of remote (i.e., keyed) other entries.
When listing the ACL, the remote-host is printed in its Internet address form (e.g., 15.12.89.10)
if the local system cannot resolve the address from its host lookup mechanism (DNS, NIS, or
/etc/hosts). The remote-host must be recognized (resolvable) when used in the -M and -D
options. Unrecognized remote-host values are accepted in files provided with the -F option.
In the ACL entry, these permissions are abbreviated c, t, i, w, and r. To grant all permissions,
you may use the shorthand letter a instead of the crwit to denote all permissions.
The meaning of permissions is different for different types of objects, and the permissions do not
have to appear in any specific order. Roots do not provide product level protection, so all
permissions on products installed on roots are controlled by the ACL protecting the root itself.
Product level protection is provided on depots in this way: the depot’s ACL protects the depot itself
while product ACLs protect the products within the depot.
The table below summarizes SD-UX object permissions and ACLs to which they may be applied.
Table 38 SD-UX ACL Permission Definitions
Permission Allows You To:
i (insert) Insert a new depot or Insert a new product Insert a new product N/A
root
1
w (write) Change host Change root or Change depot Change product
products
2
r (read) List depots and roots List root and product List depot and product Read product files
attributes attributes
1
Write permission means permission to change or delete the object, except the host source object may not be deleted.
2
Read permission on containers (i.e., hosts, roots, and depots) lets a user list the container contents; on products within
depots, read permission lets a user copy or install the product.
A sample root ACL that grants a user named lois permission to read, write, and insert software
and members of the group named swadm all possible permissions is:
user:lois:rwi-
group:swadm:crwit
When a root is created, it is automatically protected by a default ACL derived from its host. Use
swacl to change the initial values of this ACL. For additional information, see “ACL Templates ”
(page 159).
A sample depot ACL that grants its creator all permissions; user george permission to list and
insert software products; members of group swadm permission to list and insert products, change
the ACL and delete the depot itself; and everyone else permission to list the contents of the depot,
would be:
object_owner:crwit
user:george:-r-i-
group:swadm:crwi-
any_other:-r-
When a depot source object is created, it is automatically protected by a default ACL derived from
its host. Products inserted in that depot will automatically be protected by an ACL derived from the
depot. This concept is discussed in the “ACL Templates ” (page 159).
A sample product ACL that grants user swadm and the creator of the product all permissions and
allows open read permission (allowing free distribution to all systems) would be:
user:swadm:crw
object_owner:crw
any_other:-r-
NOTE: When a product object is created, it is automatically protected by a default ACL from
the depot/root source or, absent that, one from the host.
When a product is put into a depot with swcopy or swpackage, SD-UX uses a product ACL
template (provided by the depot that contains that product) to define the initial permissions of the
new product’s ACL.
SD-UX uses the product ACL template of the host system (global_product_template) to
initialize the product ACL template of the new depot and uses the container ACL template of the
host system (global_soc_template) to initialize depot and root ACLs.
NOTE: Remember, the local superuser always has all permissions, even without an ACL entry.
• In addition to encompassing all hosts, the any_other entry also applies to all other users
except, in this case, the product’s owner. In SD-UX however, product read permission has
meaning only to host principals, and other possible product permissions never apply to hosts;
therefore, the any_other entry may be overloaded with user and host permissions, if desired,
without any danger of ambiguity. This overloading should be kept in mind when using the
SD-UX to execute solutions.
These host ACL defaults provide a good starting point for control over the management functions
of SD-UX while providing open access to read the software for installation on root targets.
NOTE: The SD-UX Secret must be the same on both the target system and the controller.
The agent compares this encrypted secret to the encryption of a local secret it shares with the
controller’s host. If the secrets do not match, the call is not authenticated and it fails.
Secrets are stored by host name in the secrets file and are used to establish trust between two
systems. The controller selects a secret in the file that corresponds with the host name of the system
on which it is running. The agent, upon receipt of an RPC from the controller, looks up a secret
associated with the controller’s host.
For example, if the controller is running on alma.fc.hp.com and makes a request of an agent
running on lehi.fc.hp.com, each of the two processes will look up the secret associated with
alma.fc.hp.com (the controller’s host) from their respective secrets file.
Here is an example of the format of the shared secrets file:
default quicksilver
lehi.fc.hp.com s28ckjd9
alma.fc.hp.com 32hwt
newdist.fc.hp.com zztop
noway.fc.hp.com daisey
The first column represents the controller’s host name and the second column represents the
controller’s secret.
There is also a provision for a default secret (quicksilver in the example above), to be used
when no system name match is found in the secrets file. The entry is identified with the default
pseudo-host name. This entry allows open SD-UX interconnect between hosts sharing the same
default entry. SD-UX is shipped with the secret -sdu- that should be changed for your site.
NOTE: The secrets discussed here does not grant any access to SD-UX objects, but do allow a
host to participate in SD-UX operations.
9.8.2.1 Delegation
SD-UX provides a form of delegation to control access to depot-resident products: both the host
where the target agent is running and the user initiating the call must have read access.
This form of delegation passes the caller credential information to the depot agent in the RPC
options. This form of delegation works the same whether the agents are configured to use DCE or
SD-UX Internal authentication.
It is important to note that this delegation technique is provided to allow user-level access to
depot-resident products.
NOTE: In addition to registering users, caution should be exercised when installing or copying
from unregistered depots.
NOTE: /etc/logingroup is an HP-UX utility to support both SVR2/3 and BSD group semantics
selectively. When /etc/logingroup is linked to /etc/group, HP-UX gives BSD (and SVR4)
semantics.
You may want to grant permissions to specific users to manage particular products on the primary
depot. For example, user ramon may be assigned responsibility to manage the ALLBASE product
on your depot, installing new versions and patches when they become available. To add ramon
to the ACL for ALLBASE on the local depot and grant him all permissions on that one product, run
the command:
swacl -l product -M user:ramon:a ALLBASE
At the same time, you may want to eliminate the ACL entry for group swadm for the same product:
swacl -l product -D group:swadm ALLBASE
10.1.1 Prerequisites
Before you begin packaging software, ensure the following:
• SD-UX is installed and configured on the system where you intend to create your software
package.
• The software to package is installed on the packaging system, or that the necessary files are
available remotely.
NOTE: You can define different versions of products for different platforms and operating systems,
as well as different revisions (releases) of the product itself. You can include different product
versions on the same distribution media.
NOTE: You must use an absolute path for the second file term in this minimum format.
# Subproduct definitions:
subproduct
tag Manager
title Management Utilities
contents commands agent data man
end
subproduct
tag Agent
title Agent component
contents agent data man
end
# Fileset definitions:
fileset
tag commands
title Commands (management utilities)
revision 2.42
description < data/descr.commands
# Dependencies
directory ./ui=/var/adm/sw/ui
file *
# (...Other file definitions can go here...)
end
# Commands
# (...Other fileset definitions can go here...)
# Manpage fileset definitions:
fileset
tag man
title Manual pages for the SD-UX
revision 2.05
directory ./man/man1m=/usr/man/man1m.Z
file *
directory ./man/man4=/usr/man/man4.Z
file *
directory ./man/man5=/usr/man/man5.Z
file *
end
#man
end
#SD
• All keywords require one or more values, except as noted. If the keyword is there but the value
is missing, a warning message is generated and the keyword is ignored.
• Place comments on a line by themselves or after the keyword-value syntax. Comment lines
are designated by preceding them with #.
• Use quotes when defining a value (for example, description) that can span multiple lines.
Quotes are not required when defining a single-line value that contains embedded whitespace.
• Any errors encountered while reading the PSF cause swpackage to terminate. Errors are also
logged to both stderr and the logfile.
Distribution Class
distribution
layout_version revision_string 64 1.0
tag tag_string 64 EXAMPLE_DEPOT <
copyright multi_line_string 8K data/copyr.depot
description multi_line_string 8K data/descr.depot
number one_line_string 256 B2358-13601
title one_line_string 256 Example packages
Vendor Class
vendor
tag tag_string 64 HP
description multi_line_string 8K <data/desc.hp
title one_line_string 256 HP Company
Category Class
category
tag tag_string 64 patch_normal
description multi_line_string 8K Normal problems
revision revision_string 64 0.0
title one_line_string 256 Category of Patches
Product Class
product or bundle
* tag tag_string 64 SD-UX
* architecture one_line_string 256 HP-UX_B.11.11_32/64
category_tag one_line_string 256 Systems Management
- contents repeatable list of none pr.fs,r=1.0,a=,v=
software specs
copyright multi_line_string 8K <data/copyr.sd
description multi_line_string 8K <data/descr.sd
directory path_string 255/1024 /
is_locatable boolean 9 false
is_patch boolean 9 false
machine_type uname_string 64 9000/800
number one_line_string 256 B2000A
os_name uname_string 64 HP-UX
os_release uname_string 64 ?.11.*
os_version uname_string 64 A
+ postkernel path_string 255/1024 /usr/bin/kern_bld
+ readme multi_line_string 8K <data/README.sd
+ revision revision_string 64 A.01.00
+ share_link one_line_string 256
title one_line_string 256 Software Distributor
* vendor_tag tag_string 64 HP
Subproduct Class
subproduct
tag tag_string 64 Manager
contents one-line list of tag none commands agent data man
string values
description multi_line_string 8K <data/desc.mgr
title one_line_string 256 Management Utilities
Fileset Class
fileset
* tag tag_string 64 commands
ancestor repeatable list of none prod.oldfileset
product.fileset
architecture revision_string 64 HP-UX_B.11.11_32/64
category_tag tag_string 64 patch_normal
corequisite software_spec none SD-UX.man.r>=2.0
description multi_line_string 8K <data/descr.cmd
exrequisite software_spec none SD-UX.data,R>=2.1
is_kernel boolean 9 false
is_patch boolean 9 false
dynamic_module one_line_string 256 ipf pfil
is_reboot boolean 9 false
is_sparse boolean 64 false-
machine_type uname_string 64 9000/8*
os_name uname_string 64 HP-UX
os_release uname_string 64 ?.11.*
os_version uname_string 64 A
prerequisite software_spec none SD-UX.agent,r>=2.0
* revision revision_string 64 2.42
supersedes software_spec none product.fileset
title one_line_string 256 SD-UX Commands
Class
control_files
directory path_mapping_string none ./commands=/usr/sbin
file_permissions permission_string none -u 0222 -o root -g sys
file file_specification none -m 04555 bin/swinstall (or)
*
• The corequisites and prerequisites have singular titles for layout_version=0.8 (that is,
corequisite and prerequisite). See “Dependency Specification” (page 188) for more information.
• Category objects and keywords are handled differently.
For layout_version=1.0 (current standard):
◦ category and category_title are valid product attributes that replace the
category_tag attribute.
◦ category class objects are not recognized.
For a more complete description of PSF requirements for layout_version=0.8, refer to the
swpackage.4 manual page in a previous version of HP-UX.
NOTE: PSF syntax conforms to the layout_version=1.0 of the POSIX 1387.2 Software
Administration standard. Previous versions of SD-UX supported the POSIX layout_version=0.8
syntax, which continues to be supported. See “Selecting the PSF Layout Version ” (page 178) for
more information.
boolean • Maximum length: 9 bytes
• One of the values true or false.
• Examples: true, false
• Example: </mfg/sd/description
one_line_string • Maximum length: 256 bytes
• One-line strings support a subset of isascii characters
only. (Refer to the ctype(3) manpage.)
• No isspace characters, except for space and tab, are
allowed.
• Examples: Hewlett-Packard Company
path_mapping_string • Maximum length: none
• A value of the form: source[=destination] where
the source defines the directory in which subsequently
defined files are located. The optional destination
maps the source to a destination directory in which the
files will actually be installed.
• Examples:/mfg/sd/files/usr = /usr
path_string • Maximum length: 255 bytes for tapes, 1024 bytes for
depots
• An absolute or relative path to a file. Many attributes of
this type are restricted to 255 bytes in length. This
restriction is due to the tar(1) command, which requires a
file’s basename(1) be <= 100 bytes, and a file’s
dirname(1) to be <= 155 bytes. (Some implementations
of tar enforce < and not <=.)
• Examples: /usr /mfg/sd/scripts/configure
permission_string • Maximum length: none
• A value of the form:
CAUTION: If you misspell a standard keyword, SD-UX may mistake the keyword for a
vendor-defined attribute, which may lead to packaging errors.
NOTE: The vendor specification is not the same as vendor-defined attributes. See “Vendor-Defined
Attributes” (page 181) for more information.
vendor Keyword that begins the vendor specification.
tag Defines the identifier (short name) for the vendor.
title Defines the full name (one line description) for the vendor.
description Defines the multi-paragraph description of the vendor; the value is either the
text itself (within double-quotes) or a pointer to the filename containing the text.
end Ends the vendor specification. This keyword is optional.
NOTE: The layout_version keyword in the distribution class affects how categories
are associated with products and bundles. See “Selecting the PSF Layout Version ” (page 178) and
“Product Specification File Semantics” (page 181) for more information.
The category specification looks like this:
category
tag patch_normal
title Category of patches
description For normal problems
NOTE: The layout_version keyword in the distribution class affects how category
and vendor objects are associated with products and bundles. See “Selecting the PSF Layout
Version ” (page 178) and “Product Specification File Semantics” (page 181) for more information.
The product specification looks like this:
product
tag SD
architecture HP-UX_B.11.00_32/64
category_tag systems_management
contents prod.fsl,r=1.0,a=,v=
copyright </mfg/sd/data/copyright
description </mfg/sd/data/description
directory /usr
is_locatable false
is_patch false
machine_type *
number J2326AA
os_name HP-UX
os_release ?.11.00.*
os_version B.11.**
postkernel /usr/lbin/kernel_build
+ readme </mfg/sd/data/README
revision 2.0
title Software Distributor
vendor_tag HP
end
For each product object specified, swpackage requires only the product and tag keywords, plus
one or more fileset definitions. For each bundle specified, swpackage requires the bundle, tag
and contents keywords.
NOTE: The category tag patch is reserved. When the is_patch product
attribute is set to true, a built-in category_tag attribute of value patch is
automatically included with the product definition.
contents The list of fully qualified (all version distinguishing attributes included)
software specs for the bundle.
copyright A multi-line description of the product’s copyright; either the text itself (in double
quotes) or a pointer to the filename that contains the text.
description A multi-paragraph description of the product; either the text itself (within
double-quotes) or a pointer to the filename that contains the text.
directory The default, absolute pathname to the directory in which the product’s files
will be installed (the root directory of the product). If not specified, swpackage
assigns a value of /.
is_locatable Defines whether a product or bundle can be installed to any product directory,
or whether it must be installed into a specific directory. The attribute can be
set to true or false. If not defined, swpackage sets the default attribute to
“false.”
is_patch A boolean flag that identifies a software object as a patch. The default value
is false. When set to true, a built-in category_tag attribute of value patch
is automatically included with the product definition.
machine_type The system type on which the product will run. If not specified, the keyword
is assigned a wildcard value of *, meaning it will run on all machines. If there
are multiple platforms, you must separate each machine designation with a
| (vertical bar). For example, a keyword value of 9000/7*|9000/8* means
the product will run on all HP Series 9000 Model 7XX or all HP 9000 Series
8XX machines. Alternatively, the value 9000/[78]* would also work.
Other examples:
* (If not concerned with the machine type.)
9000/7??:32* (Series 700, 32-bit capable hardware required)
*:*64 (64-bit capable hardware required)
*:32: (32-bit capable hardware required)
9000/7??:*64 (Series 700, 64-bit capable hardware required)
9000/[78]??:32* (Series 800, 32-bit capable hardware required)
9000/[78]??:*64 (Series 800, 64-bit capable hardware required)
NOTE: The category tag patch is reserved. When the is_patch file
attribute is set to true, a built-in category_tag attribute of value patch
is automatically included with the file definition.
description Defines the multi-paragraph description of the fileset; the value is either the
text itself (within double-quotes) or a pointer to the filename containing the
text.
is_kernel A value of true defines the fileset as being a contributor to the operating
system kernel; the target system(s) kernel build process will be invoked after
the fileset is installed. If this attribute is not specified, swpackage assumes
a default value of false.
is_locatable Defines whether a fileset can be installed to any product directory, or
whether it must be installed into a specific directory. The attribute can be
set to true or false. If not defined, swpackage sets the default attribute to
false.
is_patch Identifies a software object as a patch. The default value is false. When
set to true, a built-in category_tag attribute of value patch is automatically
included.
dynamic_module A space-separated list of strings specifies the list of dynamically loadable
kernel modules (DLKMs) packaged into the fileset. The dynamic modules
themselves must be delivered to /usr/conf/mod/. If the
dynamic_module attribute is omitted, no DLKMs may be delivered in the
fileset.
When a dynamic module is packaged, it is customary to include a call to
the control_util mod_systemfile in a postinstall script to link the
module to the kernel. If a state of static is specified in the mod_sytemfile
call, the attributes is_kernel and is_rebootmust also be set to true.
In addition, if a system reboot is needed to activate the module, the
is_reboot attribute must be set to true.
is_reboot A value of true declares that the fileset requires a system reboot after
installation. If this attribute is not specified, swpackage assumes a default
value of false.
is_sparse Indicates that a fileset contains only a subset of files in the base (ancestor)
fileset and that the contents are to be merged with the base fileset. The
default value is false. If the is_patch attribute is true, is_sparse is also
set to true for the fileset, although it can be forced to false.
machine_type The machine type on which the product will run. If not specified, the
keyword is assigned a wildcard value of *, meaning it will run on all
machines. If there are multiple machine platforms, you must separate each
machine designation with a | (vertical bar). For example, a keyword value
of 9000/7*|9000/8* means the product will run on all HP Series 9000
Model 7XX or all HP 9000 Series 8XX machines. Alternatively, the value
9000/[78]* would also work.
Other examples:
* If not concerned with the machine type.
NOTE: A dependency must always be specified using a software specification that starts with
the product tag for the requisite software.
You can specify multiple dependencies to define AND relationships between the dependencies
(AND meaning that all dependencies must be satisfied).
You can also define OR relationships using the or (|) character. The following rules apply:
• White spaces are allowed around the OR character.
• OR dependencies are resolved from left to right.
Here is an example:
corequisite P.F
prerequisite ProdA | ProdB | ProdC.F | ProdC.FS
corequisite ProdX | ProdY | ProdZ | ProdW.FS
• Set a read mode for non-executable files, and a read/execute mode for executable files and
directories:
file_permissions -u 222
• Include only certain files under /build/hpux/mfg/, to be rooted under /usr and
/var/adm/sw:
directory /build/hpux/mfg=/usr
file sbin/swinstall
file sbin/swcopy
. . .
directory /build/hpux/mfg=/var/adm/sw
file nls/swinstall.cat nls/en_US.88591/swinstall.cat
file defaults newconfig/defaults
file defaults defaults
An exclude file can only be specified after a file definition. The file listed after the exclude keyword
is excluded from the current context (for example, from a recursive file definition or wildcard).
If the filename specifies a directory, then all files below that directory are excluded.
Include files let you include file definitions from a separate file. The syntax is:
file < filename
The include file must be separated from the file keyword by a less than sign (<).
file -v 1
file -v 2
file -v 3
file -v 4
file -v 5
Overview
Features and limitations include:
• Uses the PSF to organize files into products, subproducts, and filesets.
• Can include control scripts and PSFs to further specify how to handle the software when
installing it onto the target system.
• Sets permissions of the files being packaged.
• Can package either simple, one-fileset products or complex products with many filesets and
subproducts.
• Provides a way to repackage (change) existing products.
• The swpackage command provides only a command line user interface. There is no Graphical
User Interface for the packaging tasks.
• Can create directory depots (including CDs) or tape depots (useful for distributing software
via the internet).
• Does not automatically register newly created depots. You must use the swreg command (see
“Registering and Unregistering Depots (swreg) ” (page 95)).
II. Analysis swpackage analyzes the packaging tasks and requirements before actually packaging the
software to the target depot or tape. swpackage compares the software to be packaged
against the target depot to make sure the packaging operation will be successful.
III. Build swpackage packages the source files and information into a product object, and inserts
the product into the distribution depot. swpackage creates the depot but does not register
it. You must have appropriate SD-UX permission to create this new depot on the local host.
If the target (destination) is a tape media, a temporary depot is created.
IV. Make Tape (Optional) This phase occurs only if you are packaging to a distribution tape. swpackage
copies the source files and a temporary depot catalog to the tape. (Note that swpackage
cannot compress files when writing to a tape.)
Phase I: Selection
When you run swpackage, you must specify a PSF and any other options you wish to include.
The swpackage command begins the session by telling you the source, target, software selections,
and options used to:
• Determine the product, subproduct, and fileset required for the structure
• Determine which files are contained in each fileset
• Determine the attributes associated with each objects
• Check PSF syntax and terminate the session if any validation errors are encountered
• admin_directory=/var/spool/sw • loglevel=1
• allow_large_files=false • lookupcache_timeout_minutes=10
• allow_large_serial_depot=false • media_capacity=1330
• allow_partial_bundles=true • media_type=directory
• compress_command=/usr/contrib/bin/gzip • package_in_place=false
• compress_files=false • reinstall_files=true
• compress_index=false • reinstall_files_use_cksum=true
• compression_type=gzip • remove_obsolete_filesets=false
• create_target_acls=true • run_as_superuser=true
• distribution_source_directory=/var/spool/sw • software=
• distribution_target_directory=/var/spool/sw • source_directory=
• distribution_target_serial=/dev/rmt/0m • source_files=psf
• enforce_dsa=true • source_type=directory
• follow_symlinks=false • target_directory=
• include_file_revisions=false • target_tape=
• layout_version=1.0 • targets=
• log_msgid=0 • uncompress_cmd=
• logdetail=false • verbose=
• logfile=/var/adm/sw/swpackage.log • write_remote_files=false
* Source: vewd:test.psf
* Target: vewd:/var/spool/sw
* Software selections:
*
* Options:
preview true
verbose 1
loglevel 1
logfile /var/adm/sw/swpackage.log
source_type file
target_type directory
package_in_place false
follow_symlinks false
include_file_revisions false
enforce_dsa true
reinstall_files true
reinstall_files_use_cksum false
write_remote_files false
create_target_acls true
NOTE: If the only use of a depot created with swpackage is local access by the packaging
user, depot registration is not required.
• If you have deleted some fileset definitions in the PSF or modified a fileset by changing
it’s tag attribute, swpackage will produce warning messages about the existing filesets
that are not part of the modified product’s definition (in the PSF). The existing filesets plus
the new filesets in the product’s definition (in the PSF) will all be contained in the modified
product.
The warnings are produced during analysis phase, and are only produced when the
whole product is being repackaged (as opposed to subsets of the product).
• To get rid of the obsolete (renamed) filesets, use swremove:
# swremove -d product.old_fileset @ depot
• You may want to swremove the product entirely before repackaging the changes:
# swremove -d product @ depot
# swpackage -s psf <other options> product @ depot
NOTE: The capacity of the DDS tape is in one million byte units (1,000,000 bytes), not Mbyte
units (1,048,576 bytes). Most tape drive manufacturers specify capacity in one-million byte units.
If the products being packaged require more space than the specified media capacity, swpackage
will partition the products across multiple tapes.
To find out if multiple tapes will be required, swpackage will calculate the tape blocks required
to store the depot catalog and each product’s contents.
When multiple tapes are necessary, swpackage writes the entire catalog onto the first tape plus
any product contents that also fit. For each subsequent tape, swpackage prompts you for a “tape
is ready” response before continuing.
• Configure Script
This script is run by swinstall or by swconfig to configure the host for the software, or
configure the software for host-specific information. For example, this script could change a
host’s specific configuration file such as /etc/services, add the host name or other host
resources such as available printers to its own configuration file, or perform compilations.
Configure scripts are run by swinstall for all products (in prerequisite order) after the
products have completed the Load phase. However, they are only run when installing to a
system that will actually be using the software. They are deferred when installing to an alternate
root (for example, for diskless or building test file systems) and run instead by the swconfig
command when the alternate root is now the root of the system using the software.
The swconfig command can also be used to rerun configure scripts that failed during a
normal install. A successful execution of the configure step (whether there is a script or not)
moves the software from the installed state to the configured or ready-to-use state. Configure
scripts (and all others) must be able to be run many times (that is, they must be re-executable).
Configure scripts are a good place to remove obsolete files.
Configure scripts are not run for installations to alternate roots.
• Verify Script
Verify scripts are run by the swverify command any time after the software has been installed
and configured. Like other scripts, they are intended to verify anything that the SD-UX software
management tools do not verify by default. For example, this script could check to see that
the software is configured properly and that you have a proper license to use it.
• Fix Script
Defines the fix script run by swverify to correct and report problems on installed software. The
fix script can create missing directories, correct file modifications (mode, owner, group, major,
and minor), and recreate symbolic links.
• Unconfigure Script
A script run by swconfig or swremove to undo a host or software configuration originally
performed by a configure script. For example, an unconfigure script could remove the
configuration from the /etc/services file. (The unconfigure task moves the software from
the configured state back to the installed state.)
Only the swremove command actually removes software, although you can run unconfigure
scripts using swconfig. Unconfigure scripts are not run for removals from alternate roots.
• Checkremove Scripts
The checkremove script is run by swremove during the remove analysis phase to allow any
checks before the software is permanently removed. For example, the script could check
whether anyone was currently using the software before removing it.
• Preremove Scripts
This script is executed just before removing files. It can be destructive to the application because
files will be removed next. It could remove files that the postinstall script created. For example,
a preremove script could save a specific fileset to another location before removing the rest
of the filesets in the product.
• Other Scripts
You can include other control scripts, such as a subscript that is sourced by the above scripts.
The location of the control scripts is passed to all scripts via the SW_CONTROL_DIRECTORY
environment variable, and are denoted by the keyword control_file within the PSF.
For example:
control_file
source scripts
tag checkinstall
interpreter ksh
SD checks that the interpreter is available. If the interpreter is not available, the script fails. (To
avoid this problem, you can use a checkinstall script to verify the existence of any script interpreters
that you specify.) If SD finds the interpreter, it processes the script normally using the interpreter
that you specified.
The value of each keyword is the source filename for the specific control script. swpackage will
copy the specified control script’s filename into the depot’s storage directory for the associated
product or fileset, using the keyword as the tag of the stored script (for example, “configure”).
You can include control script specifications or data files with the product or fileset. These are
stored alongside the standard SD-UX control scripts. For example, you could specify a subscript
called by the supported control scripts, or a data file read by these scripts. These additional scripts
are specified using the syntax:
PATH[=tag]
If you do not specify the tag component, swpackage uses the basename(1) value of the source
pathname as the tag.
11.4.1.3 LC_CTYPE
• Determines the interpretation of sequences of bytes of text data as characters (e.g., single-versus
multibyte characters in values for vendor-defined attributes).
11.4.1.4 LC_MESSAGES
• Determines the language in which messages should be written.
11.4.1.5 LC_TIME
• Determines the format of dates (create_date and mod_date) when displayed by swlist.
Used by all utilities when displaying dates and times in stdout, stderr, and logging.
11.4.1.6 TZ
• Determines the time zone for use when displaying dates and times.
11.4.2.2 SW_CONTROL_DIRECTORY
• Defines the full pathname to the directory containing the script. This tells other scripts where
other control scripts for the software are located (subscripts, for example).
Also contains the response file generated by a request script. Other scripts that reference the
response file access the file by referencing this variable.
The directory is either a temporary catalog directory, or a directory within in the Installed
Products Database (IPD).
Here is an example of sourcing:
. ${SW_CONTROL_DIRECTORY}subscript
grep something ${SW_CONTROL_DIRECTORY}datafile
11.4.2.3 SW_CONTROL_TAG
• Holds the tag name of the control_file being executed. When packaging software, you
can define a physical name and path for a control file in a depot. This lets you define the
control_file with a name other than its tag and lets you use multiple control_file
definitions to point to the same file. A control_file can query the SW_CONTROL_TAG
variable to determine which tag is being executed.
11.4.2.4 SW_LOCATION
11.4.2.5 SW_PATH
• The search path for commands. A PATH variable defines the minimum set of commands
available for use in a control script (for example, /sbin:/usr/bin:/usr/ccs/sbin).
A control script should always set its own PATH variable, and the PATH variable must begin
with $SW.PATH. The PATH should be set as follows:
PATH=$SW_PATH
export PATH
Additional directories, like /usr/local/bin, can be appended to PATH, but you must make
sure that the commands in those directories exist.
11.4.2.6 SW_ROOT_DIRECTORY
• Defines the root directory in which the session is operating, either “/” or an alternate root
directory. This variable tells control scripts the root directory in which the products are installed.
A script must use this directory as a prefix to SW_LOCATION to locate the product’s installed
files.
All control scripts (except for the configure and unconfigure scripts) can be executed during
an install or remove task on an alternate root. If the scripts reference any product files, each
reference must include the {SW_ROOT_DIRECTORY} in the file pathname.
The scripts may only need to perform actions when installing to (removing from) the primary
root directory (“/”). If so, then the SW_ROOT_DIRECTORY can be used to cause a simple
exit 0 when the task is operating in an alternate root directory:
if test "${SW_ROOT_DIRECTORY}" != "/"
then
exit 0
fi
11.4.2.7 SW_SESSION_OPTIONS
• Contains the pathname of a file containing the value of every option for a particular command,
including software and target selections. This lets scripts retrieve any command options and
values other than the ones provided explicitly by other environment variables.
11.4.2.8 SW_SOFTWARE_SPEC
• Contains the fully qualified software specification of the current product or fileset. The software
specification allows the product or fileset to be uniquely identified. (Fully qualified software
specs include the r=, a=, and v= version components even if they contain empty strings. For
installed software, l= must also be included.)
11.4.3.2 SW_INITIAL_INSTALL
• This variable is normally unset. If it is set, the swinstall session is being run as the back
end of an initial system software installation (that is, a “cold” install).
11.4.3.3 SW_KERNEL_PATH
• The path to the kernel. The default value is /stand/vmunix.
11.4.3.4 SW_SESSION_IS_KERNEL
• Indicates whether a kernel build is scheduled for the current install/remove session.
• A “true” value indicates that the selected kernel fileset is scheduled for a kernel build and that
changes to /stand/system are required.
• A null value indicates that a kernel build is not scheduled and that changes to /stand/system
are not required.
• The value of this variable is always equal to the value of SW_SESSION_IS_REBOOT.
11.4.3.5 SW_SESSION_IS_REBOOT
• Indicates whether a reboot is scheduled for a fileset selected for removal. Because all HP-UX
kernel filesets are also reboot filesets, the values of this variables is always equal to the value
of SW_SESSION_IS_KERNEL.
11.4.3.6 SW_SYSTEM_FILE_PATH
• The path to the kernel’s system file. The default value is /stand/system.
11.4.5 Environment Variables That Affect swinstall, swremove and swconfig in SRP
11.4.5.1 SW_ALLOW_LOCAL_SRP_OPS
This variable is usually not set. If it is set to TRUE or 1, this variable allows swinstall to run on
a system container. If a value other than TRUE or 1 is specified, or if a value is not specified, the
system container does not support swinstall.
◦ REBOOT (12) -Exits and indicates that a reboot of the system is required when a fileset
is installed. This return value may only be used on a fileset-level checkinstall script.
With Software Distributor versions prior to B.11.31.1009.348 and B.11.23.1009.348,
the return value can only be used for filesets with the dynamic_module attribute set.
NOTE: HP recommends you to specify the is_reboot flag instead of returning the
REBOOT code from the control scripts for rebooting the system.
All messages produced by control scripts are redirected to the agent logfile.
• The set of control scripts executed during a particular phase of a task are always executed in
prerequisite order the scripts of each prerequisite product/fileset are executed before the script
of the dependent fileset.
• All control scripts are readable by any other control script.
• If the checkinstall script fails, the fileset will not be installed. The interactive interface of
swinstall will notify you that the checkinstall script has failed. Then you can: diagnose the
problem, fix it and re-execute the analysis phase; or unselect the product/fileset. The
non-interactive interface tells you about each individual checkinstall failure and the filesets are
not installed.
• A checkinstall script is executed for installations into the primary root (“/”) or an alternate
root. Since most of the actions of this script will involve checking the current conditions of a
running system (that is, the primary root), it may not need to perform any actions when the
product/fileset is being installed into an alternate root.
• The preinstall script for a product is executed immediately before the fileset’s files are installed.
• A preinstall script should perform specific tasks preparatory to the files being installed. The
swinstall session will proceed with installing the files regardless of the return value from
a preinstall script. Example actions include removing obsolete files (in an update scenario).
• A preinstall script is executed for installations into the primary root (“/”) or an alternate root.
The scope of actions of a preinstall script should be within the product itself (that is, the files
within the product’s directory).
• The postinstall script for a product is executed immediately after the fileset’s files are installed.
• A postinstall script should perform specific tasks related to the files just installed. The
swinstall session will proceed with the remainder of the session (for example, configuration)
regardless of the return value from a postinstall script. Example actions include adding a kernel
driver to the system file or moving a file from under /usr/newconfig to its correct place in
the file system.
• A postinstall script is executed for installations into the primary root (“/”) or an alternate root.
The scope of actions of a postinstall script should be within the product itself (that is, the files
within the product’s directory).
• The customization or configuration tasks that must be performed to enable the product/fileset
for general use should not be done in the postinstall script, but the configure script (described
below).
• A configure script is only executed for installations into the primary root (“/”). If you choose
to defer configuration in the swinstall session, then the configure script will be executed
by a swconfig session at some time after the installation completes.
• A configure script is usually executed only when the product/fileset is in the installed state.
• A configure script is the primary way to move a product/fileset from the installed state to the
configured state. The script should perform all (or most of) the activities needed to enable the
product/fileset for use.
• A configure script can use configuration information provided by the user and collected by a
request script.
• When an existing version of a product is updated to a new version, the configure script(s) for
the new version must perform any unconfigurations-configurations of the old version that are
necessary to properly configure the new version. The unconfigure script(s) for the old version
are not executed.
• Configure scripts are for architecture-dependent actions because they will always be run on
the architecture of the install target.
• Configure scripts are the best place for removing files and updating the IPD, since the system
is not in transition (i.e. as in an update).
• A configure script can help with software updates as well as new installs. The script must also
be able to handle reinstallation and should include appropriate error control if data destruction
is possible.
• An unconfigure script is executed only for software installed into the primary root (“/”).
• An unconfigure script is re-executed even when the product/fileset is in the configured state.
• An unconfigure script is the primary way to move a product/fileset from the configured state
back to the installed state. The script should perform all (or most of) the activities needed to
disable the product/fileset for use.
• An unconfigure script must undo all configuration tasks performed by its companion configure
script. The user should be able to configure, unconfigure, configure, etc. an installed
product/fileset and always end up with the same configured result.
• A fix script can be used to correct attribute problems detected by a verify script.
• A fix script can create missing directories, correct file modifications (mode, owner, group,
major, and minor), and recreate symbolic links.
• All preremove scripts for a product are executed immediately before the product’s files are
removed.
• A preremove script should perform specific tasks preparatory to the files being removed. The
swremove session will proceed with removing the files regardless of the return value from a
preremove script. Example actions include removing files created in the postinstall script.
• All postremove scripts for a product are executed immediately after the product’s fileset files
are removed.
• A postremove script should perform specific tasks related to the files just removed. The swremove
session will proceed with the remainder of the session regardless of the return value from a
postremove script. Example actions include:
◦ Removing any files still remaining after preremove and the swremove file removal have
completed.
◦ Removal of directories wholly owned by the fileset and which have been emptied by the
file removal.
• A postremove script is executed for installations into the primary root (“/”) and an alternate
root. The scope of actions of a postremove script should be within the product itself (that is,
the files within the product’s directory).
• The de-customization or unconfiguration-configuration tasks which must be performed to disable
the product/fileset for general use should not be done in the postremove script, instead they
should be done in the unconfigure script (described above).
• Request scripts write information into a response file for later use by the configure script or
other scripts. You can run requests scripts by executing the swask command or using the ask
option with swinstall or swconfig after selection and before the analysis phase.
• The POSIX default for request scripts is a shell script. The shell script must be able to:
◦ Ask questions of the user.
• Only minimal, essential information should be emitted by control scripts. Ideally, no output is
emitted if the script successfully performs all of its actions.
• In the agent logfile, the execution of each control script is prefaced by a “begin execution”
message:
* Running "checkinstall" script for product "PRODUCT"
* Running "checkinstall" script for fileset
"PRODUCT.FILESET".
• The messages written by a control script must conform to the following format conventions
whenever possible.
1. Never emit blank lines.
2. All output lines must have one of these forms:
◦ ERROR: text
◦ WARNING: text
◦ NOTE: text
◦ <blank> text
In each case, the keyword, if there is one, must begin in column 1, and the text must
begin in column 10 (indented nine blanks).
3. Choose the keyword (ERROR, WARNING, NOTE, or blank) as follows:
ERROR: Cannot proceed, may need corrective action.
WARNING: Can proceed, but something went wrong and may need action.
NOTE: Can proceed, but something happened that is out of the ordinary or worth
special attention. (Not just a status message.)
<blank> Generic progress and status messages (keep them to a necessary minimum).
Do not start a line with an asterisk (*) character. This is reserved for operational messages
printed by the agent so you can easily distinguish them from other messages.
4. If the message text requires more than a single 72-character line, break it into several
72-character lines. Indent all lines after the first. For example:
NOTE: To install your new graphics package, you must turn on the lights
in the next room.Please turn them off when you leave.
• Follow these conventions to ensure a control script’s messages have a similar look and feel to
the messages generated by the agent (and the commands themselves).
◦ Use full sentences wherever possible. Avoid terseness.
◦ Start sentences and phrases with capital letter and end with period.
◦ Put two blanks after period; one after colons, semicolons, and commas.
◦ Use uppercase first letters of phrases after colons. (This helps break up the message into
digestible “bites” of information.)
◦ Surround product, fileset, directory, and file names, and other variable-valued strings
with quotes. For example:
echo "ERROR: Cannot open file \"$file\"." &>2
◦ Write in the present tense. Avoid “would”, “will”, and similar verb tenses. Also avoid
past tense except where necessary.
◦ Use “cannot” rather than “can’t”, “could not”, “couldn’t”, “unable to”, “failed to”, and
similar phrases.
◦ Write messages that make sense to system administrators and users. Consider your
audience.
• If any files in the previous revision of a product have changed names or became obsolete, a
product/fileset preinstall or postinstall script in the new revision of the product must remove
the old files. The agent does not remove the files in an existing product/fileset before updating
it to a newer revision.
NOTE: It is necessary to perform the cleanup task of any previous revision that can be
updated to the new revision. Sometimes this is more than just the previous revision.
Syntax
swask[-v] [-c catalog] [-C session_file] [-f software_file]
[-s source][-S session_file][-x option=value][-X option_file]
[software_selections][@target_selections]
• admin_directory=/var/adm/sw • log_msgid=0
• ask=true • logdetail=false
• autoselect_dependencies=true • logfile=/var/adm/sw/swask.log
• autoselect_minimum_dependencies=false • loglevel=1
• autoselect_patches=true • lookupcache_timeout_minutes=10
• enforce_scripts=true • patch_filter=*.*
• installed_software_catalog=products • run_as_superuser=true
• verbose=1
12.1 Overview
The nonprivileged mode of SD-UX lets users access application software based on their file system
permissions rather than super-user privilege implemented by SD-UX ACLs. Nonprivileged mode is
honored by almost all SD commands. You can use nonprivileged mode for all aspects of developing,
distributing, and managing applications.
12.1.3 Limitations
• Remote targets are not allowed with SD-UX remote operations, except for swlist access to
remote systems and commands that can normally access remote depots. Access to such remote
systems is determined by the SD ACLs on the remote system.
• Nonprivileged mode cannot be used to manage HP-UX operating system software or patches
to it.
• A swinstall or swcopy in nonprivileged mode cannot read a source depot on a local
writable file system that was created with super-user privileges (that is, created by a super-user,
NOTE: This option is ignored (treated as true) when the invoking user is super-user.
232 Nonprivileged SD
12.2.3 How Nonprivileged Mode Changes SD-UX Behavior
When the run_as_superuser option is set to the default value of true, SD-UX operations are
performed normally, with permissions for operations either granted to a local super-user or set by
SD ACLs. (See Chapter 9: “SD-UX Security ” (page 145) for details on ACLs.)
When run_as_superuser is set to false and the invoking user is local and is not super-user,
nonprivileged mode is invoked:
• Permissions for operations are based on the user’s file system permissions.
• SD ACLs are ignored.
• Files created by SD have the uid and gid of the invoking user, and the mode of created files
is set according to the invoking user’s umask.
234 Nonprivileged SD
A Command Options
This appendix reviews the basics of altering SD-UX command options and provides an alphabetic
list of all options and their default values.
Table 53 Chapter Topics
Topics:
NOTE: Use caution when changing default option values. They allow useful flexibility but can
produce harmful results if changed to a value that is inappropriate for your needs.
NOTE: Options in the defaults file are read as part of command initialization. Because the
daemon is already running, you must restart the daemon after changing daemon options for the
system to recognize those options. To restart the daemon, type:
/usr/sbin/swagentd -r
loglevel=1 logdetail=false Only key events are logged. This is the default setting for
both options.
loglevel=1 logdetail=true Event detail as above plus task progress messages. (Setting
loglevel=1 is optional because 1 is the default value.)
◦ operating_system specifies the name of the operating system, such as HP-UX. See
the uname(1) manual page for complete information.
◦ width specifies the word width in bits (either 32 or 64) of the OS to be installed.
◦ operating_system and width must be separated by a colon (:).
Applies only to swinstall.
• os_release
Specifies fileset selection for an HP-UX update. (This option should always be used with the
os_name option.) You must specify this option from the command line or when invoking the
swinstall GUI.
This options has the following syntax:
os_release=release
release specifies the HP-UX release. Values include:
◦ B.10.01
◦ B.10.10
◦ B.10.20
◦ B.10.30
◦ B.11.00
◦ B.11.11
◦ B.11.23
◦ B.11.31
Applies only to swinstall.
• package_in_place=no
Setting this option to yes causes swpackage to build the products such that the depot does
not actually contain the files that make up a product. Instead, the depot references the original
source files used to build a product. This lets you package products in a development or test
environment without consuming the extra disk space required to create a distribution depot.
Applies only to swpackage.
• patch_commit=false
Commits a patch by removing files saved for patch rollback. The default value is false. When
set to true, this option removes the saved files for the patches specified in the software selections
for the command. Once you have run this option on a patch, you cannot remove the patch
unless you remove the associated base software that the patch modified.
Applies only to swmodify.
• patch_filter=*.*
Specifies a software_specification for a patch filter.
• reuse_short_job_numbers=true
When assigning job ID numbers, SD-UX uses numbers less than 10,000. Typically, old jobs
are removed long before job number 9,999 is reached, so the job number quickly rolls over
from 9999 back to 1. When you execute a large numbers of jobs that are not removed before
the ID numbers reach 9,999, SD-UX may have performance delays while it searches for unused
job numbers.
Setting reuse_short_job_numbers to false causes SD-UX to begin using numbers above
10,000. This avoids possible searching delays and lets the job ID numbers increase to 8 digits
(99,999,999) if necessary. (This prevents roll-over from 9999 back to 1, so is usually not
desirable.)
See also the autoremove_job option.
Applies to swconfig, swcopy, swinstall, swremove, and swverify.
• rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]
Determines on what protocol sequence(s) and endpoint(s) the swagentd daemon listens. If the
connection fails for one protocol sequence, the next is attempted. SD-UX supports both the tcp
and udp protocols on most platforms.
The value can have the following form:
◦ A DCE string binding containing a protocol sequence and an endpoint (a port number).
The syntax is:
protocol_sequence: [ endpoint ]
◦ The name of a DCE protocol sequence with no endpoint specified. This syntax is:
ncadg_ip_udp or ncacn_ip_tcp
Since no endpoint is specified, the DCE endpoint mapper rpcd must be running and is
used to find the endpoint registered by swagentd
◦ The literal string all. This entry means to use all protocol sequences supported by the
DCE Remote Procedure Call (RPC) runtime. It should be the only entry in the list. The rpcd
must be running.
Applies to all commands except swask, swmodify, and swpackage.
NOTE: When both the source and target machine are updated to HP-UX 10.30 or later, the
system administrator at the source depot machine can track which user pulls which software from
a depot and when the software is pulled. Refer to the source_depot_audit option in Appendix A
(page 235) or “Source Depot Auditing” (page 101).
B.1.3 Notes
Notes are used to notify you of an event that is not erroneous, unexpected or undesirable, but that
you should be aware of:
NOTE: The fileset "SD-DATABASE.SD-DATABASE1,r=9.00.1C" is
already installed. If you wish to reinstall this
fileset, change the "reinstall" option to "true".
Installation fails
262 Troubleshooting
it means SD-UX could not contact the daemon program on a specific target system. Note that this
may occur even if you haven’t specified any targets, for example, if the daemon on your local host
is not running.
Resolution
If the SD-UX daemon/agent is not installed on a given target system, you must install it before you
can use SD-UX.
If you’ve verified that the daemon/agent component has been installed on a target system and
you still have trouble contacting it, check to see that the daemon is running:
1. On the target system, type:
ps -e | grep swagentd
2. If the daemon does not appear to be running, you can start it by typing (as root on the target
system):
/usr/sbin/swagentd
3. If you attempt to start a daemon when one is already running, you will see a message about
the other daemon; this is harmless.
You can also kill and restart a currently running daemon by typing:
/usr/sbin/swagentd -r
Other possible causes for this problem are listed in the section “Connection Timeouts and Other
WAN Problems ” (page 266).
TIP: An easy way to determine if a target system has the SD-UX daemon installed and running
is to type:
/usr/sbin/swlist -l depot @ <one or more target hostnames>
which will attempt to contact each target to get a list of registered depots. Those targets which
have the SD-UX daemon installed will report either:
# Initializing...
# Target <hostname> has the following depot(s):
# <...insert list of depots...>
or
# Initializing...
WARNING: No depot was found for <hostname>.
For more information on daemon activity, see the daemon logfile in /var/adm/sw/
swagentd.log.
Resolution
Generally, when SD-UX denies access to an object, a message tells you that you do not have the
required access permission. Yet, it may be unclear which object is not accessible. For example,
when you use swcopy to copy a product from system A to a depot, SD-UX checks these ACLs:
1. If the destination depot does NOT exist, the host ACL is checked to verify that the user has
“insert” permission.
2. If the destination depot does exist, the depot ACL is checked to verify that the user has write
permission.
3. The source depot’s ACL is checked to make sure the user has read permission on the source
depot.
4. The source product’s ACL is also checked to make sure that the user and the destination system
both have read access to the product.
If any of these access permissions is absent, the whole operation is disallowed, and you must read
the error message carefully to understanding the exact cause. To see more about what type of
security or access problems exist, see the daemon log file on the target system: /var/adm/sw/
swagentd.log
264 Troubleshooting
B.2.3.2 Do Not Modify ACL Files Without swacl
Since SD-UX stores ACLs in the file system as plain text files, you may try to edit them with a
conventional editor. This can lead to unexpected corruption of the ACL. Most cases of this corruption
simply result in a message indicating the corruption, but inserting additions to the ACL file without
updating the num_entries value can result in unreported problems and cause SD-UX to deny
access. A common failure could occur, for instance, if a you inserted user entry in the ACL file.
This could push the any_otherentry down beyond the num_entries limit. The ACL manager
would never read the any_other entry, and you would have access problems. The best guard
against this situation is to always use the swacl command to manipulate ACLs.
Resolution
The compress_files=true option compresses files transferred from a source depot to a target.
This can reduce network usage by approximately 50%; the exact amount of compression depends
on the type of files. Binary files compress less than 50%, text files more.
NOTE: This option should be set to true only when network bandwidth is clearly restricting total
throughput. If this option is used with a fast network or with a depot server simultaneously connected
to many target hosts, this option can actually reduce overall throughput or performance, unless the
source depot is already compressed.
If it is not clear that this option will help in your situation, compare the throughput of a few install
or copy tasks (both with and without compression) before changing this option value.
See Chapter 8: “Reliability and Performance ” (page 137) for more information about performance
options.
Resolution
Increase the time-out value used by SD-UX when performing Remote Procedure Calls (RPCs) by
specifying a higher value for the rpc_timeout option, either via the command line or in the
defaults file. RPC time-out values range from 0 to 9, with 9 being the longest time-out. The default
RPC time-out value is 5. Note that these values do not represent any specific time units. See
Appendix A (page 235) for more information on the rpc_timeout option.
Increasing the rpc_timeout can also help in situations where the target agents in an install or
copy session are timing out when trying to contact the source agent. This problem is indicated by
the following error messages in the agent log file:
ERROR: Could not open remote depot/root <path> due to
an RPC or network I/O error.
ERROR: Cannot open source. Check above for errors, as
well as the daemon logfile on the source host (default
location:/var/adm/sw/swagentd.log).
ERROR: Cannot continue the Analysis Phase until the
previous errors are corrected.
Another factor that can affect RPC timeouts on a slow network is the choice of network protocol.
SD-UX supports both UDP- and TCP-based communication (the default is TCP). TCP communication
is more reliable on a WAN because it is connection-based. SD will fall back to a UDP connection
if the TCP connection fails for some reason. The default binding can be set with the -x
rpc_binding_info option.
Note that the daemon program (swagentd) listens for both UDP- and TCP-based RPCs by default.
See Appendix A (page 235) for more information on the rpc_binding_info option.
A final WAN-related issue may arise when using the interactive GUI. During the analysis and
execution phases of an interactive session, each target agent is periodically polled for up-to-date
266 Troubleshooting
status information. The polling_interval option can be used to control the number of seconds
that elapse between successive status polls of a given target system. On networks where even this
minor data transfer is a problem, you can increase this polling interval, thus decreasing the frequency
of polling, and reducing an interactive session’s overall demands on the network. See Appendix A
(page 235) for more information on the polling_interval option.
Resolution
Possible causes of this problem:
• A control script associated with the installation has consumed disk space by creating or copying
additional files that aren’t accounted for during analysis.
• Your target systems were not idle when the analysis was done and some other activity (unrelated
to SD-UX) was consuming disk space.
• The depot from which the product was installed or copied was created by swpackage with
the package_in_place option set to true, and source files have been modified since the
product was packaged. The swverify command can be used to diagnose this problem.
Resolution
The end keyword marks the end of a depot, vendor, product, subproduct or fileset specification
in a PSF. It requires no value and is optional. However, if you use it and it is incorrectly placed,
the specification will fail. Check to make sure, if you use it, there is an end keyword for every
object specification (especially the last one).
Resolution
To reduce messages to a minimum, set the verbose command option to 0 in one of the option
files or by using the -x option on the command line. For example, entering -x
spackage.verbose=0 on the command line when you run swpackage would reduce the number
of entries to the swpackage log to a minimum. See Appendix A (page 235) for details about setting
options.
Resolution
If the daemon is currently running, DO NOT remove its logfile. The running daemon continues to
log messages to its logfile even after you’ve removed it, causing any subsequent information to be
lost. Also, the disk space used by the logfile will not be freed as long as the daemon is running.
Instead, truncate the logfile by typing (as root):
echo > /var/adm/sw/swagentd.log
This replaces the previous data in the log with an empty string.
Resolution
Make sure that you have correctly specified the tape device and that the correct tape is in the
drive. SD-UX only reads tapes that are in SD-UX format. For example, SD-UX does not read update
format tapes.
Resolution
SD-UX gives you several restart options:
• Re-execute the same command from the command line.
• Recall the session file swinstall.last that was automatically saved for you. (See “Session
Files” (page 39).)
• Reset the checkpointing options.
By default, SD-UX checkpoints to the fileset level, meaning that the operation will start
transferring files with the last fileset to be attempted. By setting the reinstall_files option
to false, SD-UX restarts distribution and installation with the file that was last attempted. (SD-UX
does not support checkpointing below the file level.)
You can override all checkpointing by setting both the reinstall and reinstall_files
options to true. See Appendix A (page 235) for more information.
Resolution
Another SD command is running that prevents the swinstall or swremove command from
running. Wait for that command to finish and try again.
B.2.13 Use of Square Brackets ([ and ]) Around an IPv6 Address Causes an Error
Commands such as swinstall, swlist, and so on used with IPv6 address enclosed in square
brackets, fail with an error.
For example:
swlist @ [2620:0:a07:e020:21a:4bff:fef3:90e8], fails with the following error:
268 Troubleshooting
# Initializing...
ERROR: Could not contact host "a". Make sure the hostname is correct
and an absolute pathname is specified (beginning with "/").
Resolution
Type stty to see if the [ or ] character is mapped to any other function on your system. If it is
mapped to any other function, then remove or change the mapping, or use \[ and \].
C.1.1 Prerequisites
The install-sd command and an accompanying swagent.Z file require at least 2 MB of free
space in the /var/tmp directory. If there is not enough space in this directory, install-sd will
fail. To determine if /var/tmp has adequate space, enter:
bdf /var/tmp
Command Notes
• The command returns a value of 0 to indicate successful completion and a value of 1 to indicate
an error.
• An install-sd session writes messages for major tasks and the begin and end of each session.
All WARNING and ERROR conditions are written to stderr.
• Detailed events are logged to /var/adm/sw/install-sd.log
Example
install-sd -s swtest:/var/spool/sw
Access Control Lists A structure attached to a software object that defines access permissions for multiple users and
(ACL) groups. It extends the permissions defined by the HP-UX file system’s mode bits by letting you
specify the access rights of many individuals and groups instead of just one of each.
Administrative See local host.
Host
Agent The agent (swagent) runs on the local host. It services all selection, analysis, execution and status
requests. It is scheduled by the daemon and guided by the SD-UX controller.
Alternate Depot A depot directory located someplace other than the default location.
Directory
Alternate A Target for software installation, where the Target is not the primary Root (/) and where the
Root/Alternate software can be stored or referenced, but not configured or used.
Root Directory
Analysis/Analysis The second phase of a software installation, copy, or remove operation, during which the host
Phase executes a series of checks to determine if the selected products can be installed, copied, removed,
or verified on the host. The checks include the execution of check scripts and disk space analysis
(DSA).
Ancestor An attribute that names a previous version of a fileset. This is used to match filesets on a target
system. If the match_target option is set to true, SD-UX matches the ancestor fileset name to
the new fileset name.
Applied The state in which a patch is installed. When a patch is installed, by default it has the
patch_state of applied. Other patch states include committed and superseded and
committed/superseded.
Architecture A keyword that represents the operating system platform on which the product runs.
Archive file A .o file that needs to be replaced in an existing archive using the ar command. Used for patch
files.
Ask An operation in which SD-UX runs an interactive request script to get a response from the user.
Request scripts can be run by the swask, swconfig, and swinstall commands.
Attributes Information describing a software object’s characteristics. For example, product attributes include
revision number, tag (name), and contents (list of filesets). Fileset attributes include tag, revision,
kernel, and reboot. File attributes include mode, owner, and group. An essential part of the
Product Specification File, attributes include such information as the product’s short name or tag,
a one-line full name title or a one paragraph description of the object. Other attributes include
a multi-paragraph README file, a copyright information statement and others.
Authorization In SD-UX security, checking that a user has the necessary permissions to perform a specific action,
as defined by an Access Control List.
277
C
Cache File A file that contains the name and attributes of targets selected by swinstall or swcopy.
Catalog/Catalog An area within a depot that contains all the information needed by SD-UX to define the
directory organization and contents of the products stored in the depot. It includes a global INDEX file and
a directory of information for each product version in the depot. It is sometimes referred to as the
catalog directory.
Category This keyword defines the “category” attribute for the product object. It refers to the type of software
being packaged.
CD-ROM Compact Disc-Read Only Memory or a SD-UX depot that resides on a CD-ROM.
Centralized See remote operations.
management
Checkinstall script An optional, script associated with a product or fileset, executed by swinstall during the analysis
phase. The result returned by the script determines if the fileset can be installed or updated.
Checkremove An optional script associated with a fileset that is executed during the swremove analysis phase.
script The result returned by the script determines if the fileset can be removed.
checksum Cyclic Redundancy Check (CRC), a computed value that is compared with stored data to tell if
a file has been corrupted during transfer.
CLI Command Line Interface. See Command Line User Interface.
Client Usually refers to diskless server computer. Previous versions of SD-UX supported diskless clients.
CLUI See Command Line User Interface. All SD-UX commands can be run from the command line. See
also GUI, TUI, and IUI.
Codeword To protect software from unauthorized installation, HP (and other vendors) use special codewords
and customer identification numbers to lock the software to a particular owner. These codewords
and customer IDs are provided to you when you purchase the software or receive it as update.
Command line Optional parameters for a command entered with the command itself at the HP-UX command line
options prompt. See also default options.
Command Line Text-formatted commands and options entered at an HP-UX command line prompt or executed
User Interface by a script. SD-UX also has a Graphical User Interface (GUI) and a Terminal User Interface (TUI)
(CLI/CLUI) for the sd, swinstall, swcopy, swlist, and swremove commands.
Committed The state in which a patch is applied and rollback files have been deleted. Other patch states
include applied and superseded and committed/superseded.
Committed/superseded
A patch state in which the patch is both committed and superseded.
Compatibility The ability of swinstall to filter the software available from a source according to the host’s uname
Filtering attributes. Software products are created to run on specific computer hardware and operating
systems. Many versions of the same products may exist, each of which runs on a different
combination of computer hardware and operating system. By default, swinstall does not allow
selection and installation of incompatible software.
Compatible A software product that will operate on a given hardware system. Software that passes
Software compatibility filtering for a local host. Also see Incompatible Software.
Configure Script An optional script associated with a fileset and automatically executed by swinstall (or manually
executed by swconfig) after the installation of filesets is complete.
Container ACL A special ACL (global_soc_template) that is used to create initial ACLs for depot and roots.
Template See also product ACL template.
Contents A keyword used to assign filesets to subproducts. This allows a fileset to be contained in multiple
subproducts.
Control Script Optional scripts packaged with software or added to software by modifying the IPD. Control
scripts are run during swconfig, swinstall, swremove, or swverify operations. Control scripts may
include: configure or unconfigure for swconfig; checkinstall, preinstall, postinstall and configure
scripts for swinstall; the checkremove, unconfigure, preremove, and postremove scripts for
swremove; and the fix or verify script for swverify.
278 Glossary
Controller The SD-UX programs or commands (swinstall, swcopy, etc.) that are invoked by the user on the
local host and that direct the actions of an SD-UX agent.
Copyright A keyword that defines the copyright attribute for the destination depot (media) being
created/modified by swpackage. It refers to the copyright information for the software product.
Corequisite A dependency in which a fileset requires that another fileset be installed or configured at the
same time. For example, if fileset A requires that fileset B is installed at the same time, fileset B
is a corequisite.
Critical Fileset A fileset containing software critical to the correct operation of the host. Critical filesets are those
with the reboot and/or kernel fileset flags. During swinstall’s load phase, critical filesets are
loaded and customized before other filesets.
Cumulative patch See superseding patch.
Daemon The SD-UX program that schedules the agent to perform software management tasks. On a SD-UX
controller, the daemon polls the job queue for scheduled jobs.
data_model_revision
The internal attribute for SD-UX INDEX file syntax. Layout_version 1.0 uses data_model_revision
2.40; whereas, layout_version 0.8 uses data_model_revision 2.10.
DCE Distributed Computing Environment. Technology used by SD-UX for distributed communications.
Controllers, daemons, and agents communicate using the DCE Remote Procedure Call (RPC).
Default Hosts File The file (either/var/adm/sw/defaults.hosts for system level defaults) or $HOME/.sw/
defaults.hosts for user level defaults) that contains the default list of hosts for SD-UX
commands.
Default Options Changeable values that affect SD-UX command behaviors and policies. Default options are
contained in the defaults file. See Appendix A (page 235) for more information.
Defaults File The file (either /var/adm/sw/defaults for system-wide defaults or $HOME/.sw/defaults
for user- level defaults), which contains the default options and operands for each SD-UX command.
Delegation SD-UX provides a controlled access to depot-resident products: both the host where the agent is
running and the user initiating the call (delegation) must have read access.
Dependency A relationship between fileset in which one requires another in a specific manner. For example,
before fileset A can be installed, it may require fileset B to be installed. SD-UX supports corequisite,
exrequisite, and prerequisite dependencies. See Dependent.
Dependent A fileset that has a dependency on another fileset. For example, if fileset A depends on fileset B,
then B is a dependent or has a dependency on A.
Depot A repository of software products and a catalog, organized so SD-UX commands can use it as
a software source. The contents of a depot reside in a directory structure with a single, common
root. A depot can exist as a directory tree on a SD-UX file system or on CD-ROM media, and it
can exist as a tar archive on a serial media (tape). All depots share a single logical format,
independent of the type of media on which the depot resides. Depots can reside on a local or
remote system. You can package software directly into a depot or copy packaged software into
the depot from elsewhere.
Depot Source See depot.
Description An attribute for products and filesets, usually a paragraph description of that product or fileset.
Destination The path at which a file will be installed.
Details Dialog In the GUI or TUI, a dialog box that lets you get more information about a specific process to
monitor its progress.
Developer Host A system where software application files are placed for further integration and preparation for
distribution. You may use a developer host to assemble, organize, and create product tapes or
depots.
Directory In packaging, a keyword that defines the a directory for a product object. The directory specified
is a default, absolute pathname to the directory in which the product will be installed.
Directory Depot The directory on a target host where a depot is located. The default is /var/spool/sw.
279
Disk Space A process that determines if a host’s available disk space is sufficient for the selected products
Analysis (DSA) to be installed.
Downdating Overwriting an installed version of software with an older version.
DSA See Disk Space Analysis
End An optional keyword that ends the software object specification in a PSF. No value is required.
Exrequisite A dependency in which a fileset requires the absence of another fileset before it can be installed
or configured. For example, if fileset A cannot be installed or configured if fileset B is already
installed, fileset B is an exrequisite for fileset A.
Graphical User An OSF/Motif ™ user interface, with windows and pull-down menus, provided with the sd,
Interface (GUI) swinstall, swcopy, swlist, and swremove commands. See also the Command Line User Interface
(CLUI) and Terminal User Interface (TUI).
Group In SD-UX security, a set of users.
Group Name In SD-UX security, the user’s primary group.
GUI See Graphical User Interface.
HOME A variable that contains the path of the current user’s local log-in directory.
Host A computer system upon which SD-UX operations are performed. See local host and controller.
Host ACL The ACL that is attached to and controls access to the host object.
Incompatible Software products are created to run on specific computer hardware and operating systems.
Software Many versions of the same products may exist, each of which runs on a different combination of
hardware and operating system. Incompatible software does not operate on the host(s) because
of the host’s computer hardware or operating system. The default condition in swinstall is to
disallow selection and installation of incompatible software.
INDEX/INDEX file In packaging, an INDEX file defines attribute and organizational information about an object
(for example, depot, product, or fileset). INDEX files exist in the depot catalog and the Installed
Products Database to describe their contents.
INFO An INFO file provides information about the files contained within a fileset. This information
includes type, mode, ownership, checksum, size, and pathname attributes. INFO files exist in the
depot catalog and the Installed Products Database to describe the files contained in each existing
fileset.
Input Files Defaults files, option files, software selection files, target host files, and session files that modify
and control the behavior of the SD-UX commands.
install-sd A command that lets you install the SD-UX product from media or a depot onto a workstation or
server. You may need to install SD-UX if the version on your system is corrupted or deleted. This
command, along with update-ux, replaces the older swgettools command.
Installed Product A product that has been installed on a host so that its files can be used by end-users, as opposed
to a product residing in a depot on a host’s file system. Sometimes referred to as an available
product.
Installed Products Describes the products that are installed on any given host (or within an alternate root). Installed
Database (IPD) product information is created by swinstall, and managed by swmodify. The contents of an IPD
reside in a directory structure with a single common root.
280 Glossary
Instance_ID A product attribute in the Installed Products Database (IPD) that lets you uniquely identify products
with the same tag (name) or revision.
IPD See Installed Products Database.
IPv6 address IPv6 address is the next generation network address format. It is a 128-bit address represented
as eight fields of up to four hexadecimal digits. A colon (:) separates each field. An example of
an IPv6 address is 3ffe:ffff:101::230:6eff:fe04:d9ff.
Is_Locatable In packaging, a keyword that defines whether a product can be installed to an alternate product
directory or not. If specified, the attribute is set to a value of true. If not specified, the attribute is
assigned a value of false.
IUI Interactive User Interface, a generic term that can mean either the Graphical User Interface (GUI)
or the Terminal User Interface (TUI).
Job A SD-UX task created by the swinstall, swcopy, swremove, swverify, or swconfig commands. You
create, monitor, schedule, and delete jobs using the Job Browser. You can also monitor jobs
using the swjob command.
Job Browser A GUI program that lets you create, monitor, schedule, and delete jobs. The GUI is activated by
the sd command. You can also monitor jobs using the swjob command.
Job ID Unique numbers generated by SD-UX to identify jobs.
Kernel Fileset A fileset that contains files used to generate the operating system kernel. During the swinstall load
phase, kernel filesets are loaded and customized before other filesets.
Keyword In packaging, a word (or statement) that tells swpackage about the structure or content of the
software objects being packaged by the user. Packaging information is input to swpackage using
a Product Specification File.
Load/Load Phase The third phase of a software installation or copy operation; when swinstall and swcopy load
product files on to the host; and when swinstall performs product-specific customization.
Local Host The host on which SD-UX commands are being executed. Sometimes called the administrative
host. The local host executes the controller, which may direct operations on multiple remote
systems when remote operations are enabled.
Locatable Product A product that can be relocated to an alternate product directory when it is installed. If a product
is not locatable, then it must always be installed within the defined product directory.
Logging Each SD-UX command records its actions in log files (the swlist command is an exception).
The default location for the various log files is /var/adm/sw/<command>.log
Machine_Type In packaging, a keyword that type of systems on which the product will run. If not specified, the
keyword is assigned a wildcard value of * (meaning it will run on all machines.) If there are
multiple machine platforms, you must separate each machine designation with a | (vertical bar).
Make Tape Phase In packaging software to a distribution tape, this phase actually copies the contents of the
temporary depot to the tape.
Media Physical data storage media on which software is stored, such as tape, CD-ROM, or DVD.
Minfree Minimum Free Threshold, the minimum amount of free disk space required to store products being
packaged.
multi_stream See multiple architecture.
Multiple A single product that contains different versions of the same fileset.
Architecture
281
N
Network Source There can be multiple network sources from a single host, each one a different depot served by
that host’s single swagentd daemon. A network source is identified by the host name and depot
directory.
Nodes Another name for client host. See Client.
Number In packaging, a keyword that defines the part or manufacturing number of the distribution media
(CD or tape depot).
Object The pieces of software that SD-UX packages, distributes, installs, and manages. There are three
classes of objects: software (installed on target roots or available in depots), containers (depot,
roots, alternate roots), and jobs.
OS Operating System.
owner An attribute indicating the owner of the file (string).
Package Installable SD-UX format software created with swpackage. Packaged software can be placed
in a depot for distribution.
Package Building A phase where swpackage builds source files and information into a product object, and inserts
Phase the product into an existing depot. If the depot does not exist, swpackage creates a new depot
but does not register it.
Package Selection In packaging, reading the product_specification_file to determine the product,
Phase subproduct and fileset structure; the files contained in each fileset; and the attributes associated
with these objects.
Packager The swpackage program, which packages software for later distribution to Target systems.
Packaging The task of creating a package.
Patch Software designed to update specific bundles, products, subproducts, filesets, or files on your
system. There are point patches and superseding (cumulative) patches. By definition, patch
software is packaged with the is_patch attribute set to true.
Path An attribute that specifies the full pathname for a file.
Point patches Patches that patch separate parts of the same base fileset.
POSIX POSIX 1387.2-1995 IEEE standard, on which SD-UX is based.
Postinstall Script An optional, script associated with a fileset that is executed by swinstall after the corresponding
fileset has been installed or updated.
Postremove Script An optional, script associated with a fileset that is executed by swremove after the corresponding
fileset has been removed.
Preinstall Script An optional, script associated with a fileset that is executed by swinstall before installing or
updating the fileset.
Preremove Script An optional, script associated with a fileset that is executed by swremove before removing the
fileset.
Prerequisite A dependency in which one fileset requires another fileset to be installed or configured before
the first fileset can be installed or configured. For example, fileset A may require that fileset B is
installed before fileset A can be installed. Therefore, fileset B is a prerequisite for fileset A. See
dependency, corequisite, and exrequisite.
Primary Root A system on which software is installed and configured.
Principal In SD-UX security, the user (or host system, for agents making RPCs) that originates a call to
another system.
Product A collection of subproducts and/or filesets.
Product ACL In SD-UX security, the ACL used to initialize the ACLs that protect new products on depots that
Template are created by the host.
282 Glossary
Product Directory The root directory of a product object, in which most of its files are contained. You can change
(relocate) the default product directory when you installing a locatable product.
Product An input file that defines the structure and attributes of the files to be packaged by swpackage.
Specification File
(PSF)
Product Version A depot can contain multiple versions of a product. Product versions have the same tag attribute,
but different version attributes. The installed products database supports multiple installed versions
of a product. Installed versions have the same tag attribute, but different version attributes or a
different product directory.
Protected software Software that you cannot install or copy unless you provide a codeword and customer ID. (These
are found on your software certificate in your media kit.) You can use codeword-protected software
only on systems that for which you have a valid license to use that software.
PSF See Product Specification File.
Pull Getting software products from a depot to be installed or copied onto the local system. See also
push.
Push Performing software management (usually installing or copying) on multiple remote target systems
from a central controller. See remote operations.
Readme This keyword defines the “readme” attribute for the product object. A text file of the README
information for the product; either the text value itself or a file name that contains the text.
Realm In SD-UX security, the scope of the authority by which the principal is authenticated.
Register/Registration
A process that determines what depots are available on a given host and makes them available
for use. Registration information consists of the depot or root’s identifier (its path in the host file
system). This information is maintained by the daemon which reads its own file at start-up.
Remote Host A Host other than the one on which the SD-UX commands are being executed.
Remote Operations Performing operations on remote systems from a single controller system. Remote operations must
be enabled. (Also called centralized management or single point administration.) See Chapter 7:
“Remote Operations Overview” (page 119) for more information.
Remote Procedure Refers to the operations with Agents on a remote computer.
Call (RPC)
Request script An interactive control script that gets a response from the user. A request script prompts the user
for a response, reads the user’s answer, and stores the results in a response file. Request scripts
can be run by the swask, swconfig, and swinstall commands.
Response file A file that is generated by an interactive request script and contains the user’s response.
Revision This keyword defines the “revision” attribute for the product object. The revision information
(release number, version) for the product.
Root The root directory of a system (/). See Root Directory.
Root Directory The directory on a target host in which all the files of the selected products will be installed. The
default (/), can be changed to install into a directory that will eventually act as the root to another
system. See Alternate Root Directory.
RPC Remote Procedure Call. DCE technology for distributed communications and data transfer.
sd The command that invokes the Job Browser, a GUI program that lets you create, monitor, schedule,
and delete jobs. The swjob command lets you monitor jobs from the command line. You can also
activate the Job Browser with the swjob -i command.
SD format See SD-UX format.
SD-UX format The format and syntax of SD-UX software in depots.
283
Secret In SD-UX security, a password used to verify the authenticity of the caller’s host. SD-UX manages
sets of hosts by restricting and changing the default secret on all controller and target hosts in
the network. See shared secrets file.
Security Controlling access to software objects. In SD-UX, security is achieved by a combination of Access
Control Lists (ACLs) associated with objects and commands, and the security inherent in the file
system permissions on which the software is stored. See Access Control List.
Selection, Selection The first phase of a software installation, copy, remove, or verify operation, during which the
Phase user selects the software products to be installed, copied, or removed from the host.
Server A system on the network that acts as a software source for other systems on the network.
Session/Session Each invocation of a SD-UX command defines a session. Most SD commands let you use the -C
File session_file option to save command options, source information, software selections, and
host selections and reuse this information with the -S session_file option. You can also save
and reuse session information from the GUI programs.
Shared Secrets File In SD-UX security, a file containing the passwords used to encrypt and decrypt distributed
communications for added security.
Single Point The ability to simultaneously distribute to, manage, or monitor multiple remote targets from a
Administration single controller system. See remote operations.
(SPA)
Software depot An SD-UX format structure that contains one or more software products that can be installed on
other systems or copied to other depots.
Software file An input file of previously defined software selections to be used as operands for a command.
You specify a software file with the -f software_file command line option.
Software group A group of software selections read or saved from the GUI programs.
Software object The objects packaged, distributed, installed, or managed by SD-UX. A software object may be
a file, fileset, bundle, or product. Most operations are performed on filesets.
Software selection A group of software objects you have selected for an operation. You can save these software
selections for later reuse. See software group.
Software Selection A GUI window that lets you select the software files you want to install, copy, or remove.
Window
Software source A depot used as the source of a swinstall or swcopy operation.
Source See software source.
SPA See Single Point Administration.
Staged installation See staging.
Staging A way of setting up intermediate depots that are local to each group of targets on local area
networks. This can reduce the amount of network traffic.
State An attribute that indicates the current state of the fileset. During installation, software is transitioned
through the following states: non-existent, transient, installed, and configured. During removal,
software is transitioned through these states: configured, installed, transient, and non-existent. If
a task fails during a transient state, the state is set to corrupt.
Subproducts An optional grouping of filesets, used to partition a product that contains many filesets or to offer
the user different views of the filesets.
Superseded The state in which a patch was applied but was then replaced by a superseding patch. Other
patch states include applied and committed.
Superseding patch A patch that supersedes all previous patches to a given fileset.
SW-DIST A software product that provides all of the SD-UX functionality. SW-DIST is included on your
HP-UX 11i media. If SW-DIST is damaged, missing, or corrupted on your system, you cannot
install or copy any HP-UX software that is packaged in the SD-UX format, including a newer
SW-DIST product. You can re-install SD-UX with the install-sd command.
swacl A SD-UX command that allows you to modify Access Control List permissions that provide software
security.
swadm In SD-UX security, the default user identification group.
284 Glossary
swagent The SD-UX agent program that makes changes to depots and roots. It is directed by the controller
and scheduled by the daemon
swagentd The SD-UX daemon that provides various services, including: initiation of communication between
the controller and agent; serving one or more depots to multiple requesting agents on remote
hosts.
swask A SD-UX command that lets you run an interactive request script to get a response from the user.
Request scripts can also be run by the swconfig and swinstall commands.
swconfig A SD-UX command that configures previously installed software and make the software ready
for use.
swcopy A SD-UX command that copies software from a software source to a depot or from one depot to
another. The swcopy command can add products to an existing depot, replace products already
on a depot, or create a new depot.
swgettools A SD-UX command used in previous HP-UX releases to install the new SW-DIST product from
media. This command has been replaced by install-sd and update-ux.
swinstall A SD-UX command that installs software. swinstall may also perform software configuration.
swlist A SD-UX command that lists software objects, their attributes, and their organization. It lists both
installed software and software contained within a depot.
swlock A file that contains the read or write access to software objects and ACLs.
swmodify A SD-UX command that lets you change information in the installed products database or depot
catalog files.
swpackage A SD-UX command that uses a product specification file (PSF) to organize software products and
package them into a depot. The depot can be accessed directly by SD-UX commands or mastered
onto CD-ROM or tape.
swreg A SD-UX command used to register or unregister depots.
swremove A SD-UX command that removes previously installed software or removes packaged software
from a depot.
swverify A SD-UX command that verifies installed software or depot software for correctness and
completeness.
Systems Computers, either stand-alone or networked to other computers. See local host.
Tag In packaging, a keyword that defines the distribution tag or software object’s name attribute for
the destination depot (media).
Tape Depot A software depot stored in a tar (tape archive) format. Within the tape depot, the archive, directory
and file entries are organized using the same structure as any other SD-UX format depot. Tape
depots such as cartridge tapes, DAT and 9-track tape are referred to by the file system path to
the tape drive’s device file.
Tape Media Software media that uses tar to store SD-UX software products and control files. It usually resides
on a serial media such as a DDS, cartridge, nine-track, or other tape, though it can also be a
regular file that contains the tar archive. Within the tar archive, directory and file entries are
organized using the same structure as any other depot.
Tape Source See tape depot.
Target Any system on which software is to be installed or managed with SD-UX. There are typically
multiple targets on a network, identified by system name, network address, user name, or by a
user group. Targets can contain a primary root, an alternate root, or depots. A target may also
be the object of remote operations.
Target Group Most SD-UX commands let you use the -t target_file option to read a list of previously
defined target selections as operands for the command. You can also read or save target group
files from the GUI programs when remote operations are enabled.
Target Selection A group of systems or software objects that you have selected as targets for an operation. You
can save these selections for later re-use. See target group.
Title A one-line, full name attribute that identifies the product with a title.
285
TUI Terminal user interface. A character-based display with windows and pull-down menus that works
on ASCII terminals. The TUI uses the keyboard to navigate (no mouse). See also Command Line
User Interface and Graphical User Interface.
TUI See Terminal User Interface.
UDP/IP User Datagram Protocol. Comparable with TCP/IP, but runs connections less and is intended to
be used in more reliable network environments (LAN).
Uname Attribute When a target is contacted for a software management operation, the system’s four uname
attributes (operating system name, release, version and hardware machine type) are obtained.
Used to determine software compatibility with the proposed host.
Unconfigure Script An optional script that undoes the configuration done by the configure script. Unconfigure scripts
are associated with filesets and are automatically executed by swremove before the removal of
filesets begins. You can also run unconfigure scripts with swconfig.
Unregister Using the swreg command to remove the registration of a depot. This makes the depot unavailable
to network access.
Update Overwriting software objects already installed on the system and replacing them with new objects.
update-ux A command that automates part of the HP-UX update process. It replaces the swgettools script
used in previous versions of SD-UX. The install-sd updates the SD-UX product without performing
an OS update.
User name The user (or host system for agents making remote procedure calls (RPCs) to other agents) that is
originating the RPC call.
UUID In packaging, a keyword that for the vendor object. Useful for NetLS vendors and for those who
want to select products from two vendors who have chosen the same vendor_tag.
V-Z
Vendor If a vendor specification is included in the PSF, swpackage requires the vendor and tag keywords.
Vendor_tag Associates the product or bundle with the last-defined vendor object, if that object has a matching
tag attribute.
Verbose Listing A listing that is used to display all attributes for products, subproducts, filesets, or files.
286 Glossary
Index
overview, 145
Symbols packaging, 201
$HOME/.sw/sessions/ directory, 39 permissions, 156
*systemFont, 34 product, 157, 159
*userFont, 34 root, 156, 158
-C option, 47, 56, 60, 65, 75, 82, 92, 96, 115, 198, samples, 153
227 superuser access, 154
-f option, 36, 47, 56, 60, 65, 66, 75, 82, 92, 96, 115, swacl command, 146
198, 227 templates, 159
-i option, 47, 92, 115 user, 155
-p option, 47, 56, 82, 92 warning, 153
-r option, 47 actions menu, 43, 79
-S option, 47, 56, 60, 66, 75, 82, 92, 96, 115, 198, add software group, 80
227 adding
-s option, 47, 66, 92, 227 disk space requirements, 210
-t option, 37 adding sources, 32, 43, 88
-u option adding target groups, 123
swconfig, 56 adding target host, 152
-x codeword=, 51 advertising depots, 95
-x customer_id=, 51 agent option, 236
-x option, 47, 56, 60, 66, 75, 82, 92, 96, 115, 198 agent polling, 267
/ (root directory), 41 agent_auto_exit, 236
/var/adm/sw/defaultsor $HOME/.sw/defaults file, 38, agent_timeout_minutes, 236
235 agents
/var/adm/sw/products file, 75 handling controller requests, 164
/var/adm/sw/software/ directory, 36, 37 privileges, 163
/var/spool/sw/catalog file, 75 security, 161
/var/tmp directory, 271 swagent, 20
@ ("at") sign, 37 UNIX, using alternate sources, 141
allow_downdate, 237
A allow_incompatible, 52, 237
abort copy/install, 47 allow_incompatible default
access enforcement, 96 for swconfig, 53
access to files, 161 allow_large_files, 237
access, granting, 150 allow_large_serial_depot, 237
ACL allow_multiple_versions, 95, 144, 237
any_other, 155 allow_multiple_versions default, 52
command options, 146 allow_partial_bundles, 237
creation, swpackage, 202 allow_split_patches, 238
default template entries, 160 alternate root
definition, 154 directory, 41
denied access, 264 installing to, 52
depot, 156, 158, 265 option -r, 47
editing, 153 removing software from, 84
effects of modification, 264 alternate sources, using, 141
entry fields, 154 alternate_source, 238
errors, 153 analysis
group, 155 progress and results, swremove, 81
header, 147 Analysis Dialog, 44, 80, 90
host, 157 analyzing
key values, 155 removal, 80
manager, 164 app-defaults file, 34
matching, 154 architecture field, 75
modifying ACL files without using swacl, 265 ask option, 238
object_group, 155 ask=, 238
object_owner, 155 assigning management responsibility, 166
287
attributes column editor in Job Browser, 27
definition, 63 command lines, executing, 34
listing, 250 command options
sample, 73 alphabetic list of, 236
audience for this guide, 13 changing, 37, 235
authorization, depot, 96 editor, 29
authorization, RPC, 164 job-related, 116
auto_kernel_build, 238 precedence, 235
automatic recovery, 239 commands
automatic scrolling, 45, 81, 90 description, 19
autoreboot, 238 overview, 19
autorecover, 50, 239 SD-UX, 19
autorecover_product, 239 communication failure, 46, 91
autorecover_product= default, 50 compatibility filtering, 52
autoremove_job, 117, 239 compress_cmd, 241
autoselect_dependencies, 239 compress_files, 140, 241, 265
autoselect_dependencies=true option, 22 compress_index option, 241
autoselect_dependents, 239 compression, 140
autoselect_minimum_dependencies, 240 compress_index option, 241
autoselect_patches, 240 performance, 265
autoselect_reference_bundles, 240 compression_type, 241
config_cleanup_cmd, 242
B configuration
bundles, 20, 172 phases, 54
busy files, swremove, 78 samples, 57
configure cleanup, 242
C Configure Phase, 55
catalog files, 21, 74, 75 configure script, 208
editing, 21, 75 details, 219
CD-ROM executing, 55
depot, 201 CONFIGURED state, 53
mastering to, 201 configuring after installing, 143
change container ACL templates, 159, 160
command options, 37, 235 control script
default option, -x, 47, 56, 60, 66, 75, 82, 92, 96, details, 217
115, 198 environment variables, 213
IPD or catalog files, 74 execution of other commands, 222
source, 43 file management, 224
source dialog box, 43 format, 211
target, 80 guidelines, 211
check volatile=, 241 input and output, 222
check_contents_uncompressed, 240 location, 212
check_contents_use_chksum, 240 location and execution of, 216
check_permissions, 240 must run as superuser, 161
check_requisites, 241 request, 208, 212, 221
check_scripts, 241 shells, 211
check_volatile option, 191 swask command, 227
checking testing, 224
dependencies, 58 types, 208
states of versions, 58 types supported, 172
checkinstall script, 208 unpostinstall, 142
details, 217 unpreinstall, 142
checkpointing, 140 writing, 207
checkremove script, 208 control_files, 242
details, 220 controller, 119
client, definition, 19 controller log file, 249
client/server, 17 controller privileges, 163
codewords, 23, 241 controller_source, 242
using, 43, 51, 70, 89, 95 controlling access, 161
288 Index
copy bundles, 20
dialog, 92 catalog files, 21, 74
copying software client, 19
depots, 87 corequisite, 23
icon in Job Browser, 107 depot, 19, 85
Job Browser, 114 fileset, 20
corequisite, 23, 188 host, 19
definition, 23 Installed Products Database, 21, 74
CORRUPT state, 54 local host, 19
cpio tape format, 197 locatable products, 52
create_target_acls, 201, 242, 265 nodes, 19
create_target_path, 242 prerequisite, 23
create_time_filter option, 242 product, 20
creating a job, 110 server, 19
creating jobs, 114 session files, 39
creation time, 252 software objects, 20
credentials, 162 software selection files, 36, 37
crwit, 156 subproduct, 20
custom lists, 69 system, 19
customer identification number, 243 tags, 75
customer IDs, using, 51, 70, 95 target, 19
customer_id, 243 uname attributes, 75
customer_id, using, 51, 70, 95 delegation, 165
customer_ids, 23 denied access, troubleshooting, 264
dependencies, 22, 53, 58, 243
D swconfig, 54
daemon, 20 swcopy, 87
restarting, 38, 235 dependents, 239
daemon logfile, 267 depot
daemon/agent, 119 ACL control, 156
privileges, 163 ACL permissions, 158
DCE runtime library, 162 advertising, 95
DCE-less operation, 162 authorization, 96
default cannot read, 268
option values, 37, 235 CD-ROM, 201
policy setting, 38, 235 copying, 87
precedence, 37, 235 definition, 19, 85
swlist, 69 directory, 86
values, changing (swask), 228 distribution, 19, 85
values, changing (swconfig), 56, 199 images, 265
values, changing (swcopy), 93 listing, 100
values, changing (swinstall), 48, 115 listing contents, 100
values, changing (swlist), 67 lists, 72
values, changing (swmodify), 77 management, 85
values, changing (swreg), 96 multiple, 86
values, changing (swremove), 83, 147 on remote file systems, 204
values, changing (swverify), 60 registering, 95
default options, listing of, 61, 67, 78, 83, 94, 97, 147, registration, 95
199, 228 removing software from, 79, 102
default secret, replacing, 265 secure registration, 165
default template ACL entries, 160 swreg command, 96, 97
default values, changing, 38, 235 tape, 86
defaults.hosts file, 122 unregistered, 95, 165
defer_configuration, 243 unregistering, 95
defer_configure default, 53 description file, 43, 80, 89
defer_configure option, 143 developers, security for, 166
definition development depots for testing purposes, 167
architecture field, 75 direct access to Support Plus, 95, 97
attributes, 63 directory
289
/var/tmp, 271 UNIX packaging, 267
directory depot, 86 WAN connection timeouts, 266
directory mapping, 191 examples
directory structures, 171 command options, 38
disk space request script, 229
analysis, 267 session file, 39
analysis by swpackage, 196 swask, 229
analysis dialog, 45 swconfig, 57
button, 45, 46, 90, 91 swmodify, 78
failure, 46, 91 swremove, 83
space files, 210 swverify, 61
specifying requirements, 210 exclude file, 194
diskless clusters, 17 excluded
distribution depot specification, 181 due to errors, 46, 91
distribution directory, 243 from task, 46, 91
distribution tape, 249 exrequisite, 188
distribution tape format, 197
distribution tape, creating a, 198 F
distribution_source_directory, 243 f1 key, Help, 33
distribution_target_directory, 243 failed operations, 261
distribution_target_serial, 243 features, swpackage, 198
documentation file
manpages, 19 catalog, 21, 74
double click, 31 compression, 140
defaults.hosts, 122
E exclude, 194
enablement include, 194
direct access, 95, 97 level checks, swverify, 58
enforce_dependencies, 243 level specifying (swlist), 71
enforce_dependencies default, 22 response, 221, 227
swconfig, 53 secrets, 163
enforce_dsa, 243 session, 39
enforce_kernbld_failure, 244 shareable, 171
enforce_locatable, 244 software, 36
enforce_scripts, 244 space, 210
enforce_selections, 244 target, 37
environment variables file menu, 108
control scripts, 213 file specification, 189
LANG, 213 explicit, 191
LC_ALL, 214 recursive (implicit), 193
error message, control scripts, 211 file structures, 171
errors file system mounting, 250
ACL, 153 file system protection, 161
cannot read tape depot, 268 files option, 244
daemon logfile, 267 fileset, 20
denied access, 264 level, specifying (swlist), 71
disk space analysis is incorrect, 267 product structure, 172
GUI will not start, 263 specification, 186
installation fails, 268 filesystem structure
installing a fileset, 140 SD-UX agent, 273
messages, 261 SD-UX controller, 274
network, 266 filter, 28
PSF syntax, 196 fix, 244
reading the PSF, 175 fix script, 208
represented in Job Browser, 107, 111 flag
resolving, 261 "yes", 25
RPC timeouts, 266 Marked?, 43, 80, 89
swpackage, 193, 194 follow_symlinks, 244
troubleshooting, 261 fonts
290 Index
fixed width, 34 install_setup_cmd, 245
variable width, 34 installation see install
Installed Products Database see IPD
G INSTALLED state, 53
global_product_template, 148, 152, 159 installed_software_catalog, 245
global_soc_template, 148, 159 inter-host secrets, 265
go up, 31 interactive option, -i, 47, 63, 92, 115, 132
Graphical User Interface (GUI), 19, 23, 42, 79, 87 intermediate depots, 141
swlist, 63, 132 internal authentication, SD, 162
group interpreter, script, 210
access, 162 IPD, 21, 74, 274
ACL, 155 editing, 21, 75
GUI is_kernel attribute, 186
will not start, 263 is_locatable attribute, 183, 186
GUI and TUI is_reboot attribute, 51, 186
swlist, 63
J
H Job Browser
help actions you can perform, 110
f1 key, 33 copy icon, 107
menu, 33 copying jobs, 114
on-line, 33 description, 106
host description of icons, 106
definition, 19 install icon, 107
re-using in Job Browser, 114 invoking, 105
host ACL, 160 job with warnings icon, 107
permissions, 157 properties, 109
hosts keyword, 122 re-using a source or target, 114
HP-UX SD Controller remove job, 114
definition, 119 remove job icon, 108
scheduled job icon, 107
I security checks, 167
images, depot, 265 showing errors, 108, 111
include file, 194 job description, 113
include_file_revisions, 245 job log, 113
input files, 50 job results, 111
insert permission, 96 job_title, 117, 246
install jobs
analysis, 43, 80, 89 monitoring from command line, 114
compatibility filtering, 52 options, 116
dialog, 47, 81 re-using job information, 114
failure, 268 removing with swjob, 115
icon in Job Browser, 107
PC, staging, 141 K
preferences, 129 kernel
recovery, 142 rebuilding, 41
restricting, 166 rebuilding for swcopy, 87
retries, 138 kernel build, 244
retrying, 139 kernel fileset, 236
staged, 141 kernel_build_cmd, 246
UNIX, staging, 141 kernel_path, 246
UNIX, using alternate sources, 141 keyword syntax, PSF, 175
UNIX, with separate configure, 143 keywords
install-sd checkinstall script, details, 217
options, 271 checkremove script, details, 220
supporting files, 271 configure script, details, 219
syntax, 271 postinstall script, details, 218
updating SD with, 271 postremove script, details, 221
install_cleanup_cmd, 245 preinstall script, details, 218
291
preremove script, details, 220 master depot, 141
unconfigure script, details, 219 mastering a depot to a CD-ROM, 201
values, control scripts, 211 Match-What-Target-Has, 43
verify script, details, 219, 220 match_target, 43, 186, 249
matching ACLs to user, 154
L max_agents, 249
LANG environment variable, 213 max_targets, 138, 249
language environment variables, 213, 214 media_capacity, 205, 249
layout_version, 246 media_type, 250
LC_ALL environment variable, 214 menubar, 25
level menus, pull-down, 25
designation, swlist, 65, 70 minimum_job_polling_interval, 250
of detail, swlist, 63 mode bits, 164
level=, 246 modifying default values, 38, 235
level= default, 69, 70 modifying target groups, 123
list monitoring job results, 131
as input to other commands, 63 mount_all_filesystems, 250
depot, 72 mount_cmd, 250
simple, 67 mouse, clicking, 25
verbose, 72 Multi-User mode, 17
listing multiple depots, 86
interactive swlist, 63, 132 multiple tapes, writing to, 205
registered depots, 100 multiple versions, 143
software, 63 in depots, 95
UNIX depot contents, 100 installing, 52
loadorder_use_coreqs, 247 removing, 84
local host swconfig, 54
definition, 19
local superuser, 165 N
local_srp_list, 248 network
locatable products, 52 errors, 266
locked software, 51, 70, 95 problems, 265
log file messages, 248 protocols, 266
log_msgid, 248 network depot, creating, 99
logdetail, 248 network requirements, 17
logfile, 45, 81, 90, 249 network servers, 85
button, 46, 91 network source, 85
swpackage, 200 networking requirements, 17
swremove, 81 nodes, definition, 19
too long, 267 nonprivileged SD, 231
loglevel, 249 limitations, 231
loglevel option, 140 overview, 231
lookupcache_timeout_minutes, 249 packaging requirements, 232
set up, 232
M num_entries value, 265
making tapes (existing depot), 206
management responsibility, assigning, 166 O
managing object list, 25
multiple versions, 52 object permissions, 156
patches, 103 objects, software, 20
manpages, 19 objects_to_register, 250
mark on-line Help, 33
for copy, 79 one_liner, 250
for install, 43, 79 one_liner= default, 69, 70
for remove, 79 open item, 31
marked, 25 option menu, 109
Marked? flag, 43, 80, 89 options
master and intermediate depots, consistency between, alphabetic list of, 236
142 and defaults, swconfig, 77
292 Index
and defaults, swremove, 83 preview option, -p, 47, 56, 82, 92
changing, 37, 235 privileged functions, 161
compress_index, 241 problem solving, 261
create_time_filter, 242 product, 20
editor, 29 description button, 45, 81, 90
job-related, 116 description, swremove, 81
menu, 29 level, specifying (swlist), 70
precedence, 235 summary button, 45, 81, 90
preserve_create_time, 252 product ACL
OS update, 245, 254 control, 157
os_name, 251 permissions, 159
os_release, 251 templates, 159, 160
overview, commands, 19 product specification, 183
Product Specification File see PSF
P Product Summary, swremove, 81
package_in_place, 251 product-location directory pair, 84
packaging product_specification_file (PSF) for swmodify, 75
ACLs, 201 product_template, 159
CD-ROM, 201 products, 172
failures, 267 Products Ready column, 46, 92
for nonprivileged SD, 232 Projected Actions
making tapes, 206 swremove, 81
overview, 171, 195 proof of trustworthiness, 163
registering depots, 200 protected software, 23
remote file systems, 204 protected software, installing example, 51
repackaging, 203 protecting SD objects, 156
security, 201 protocol sequence, 236, 255
writing to tapes, 205 PSF
packaging command, 195 and swmodify, 75
Packaging Specification File (PSF) comment lines, 175
and swmodify, 75 creating, 173
partitioning filesets on multiple tapes, 206 defining default, 258
patch_commit, 251 dependency class, 188
patch_filter, 251 depot class, 181
patch_match_target, 252 directory mapping, 191
patch_one_liner, 252 example, 174
patch_save_files, 252 example file specifications, 193
patches, 240, 251 example permission specifications, 191
managing, 103 exclude files, 194
performance, 137 explicit file specification, 191
permission bits, 161 extensions, 194
permission specification, default, 190 file class, 189
policy-setting, 38, 235 fileset class, 186
polling interval, increasing, 267 include files, 194
polling_interval, 252 keyword value, 175
polling_interval option, 267 keywords, 175
postinstall script, 208 product class, 183
details, 218 quotes, 175
postremove script, 208 recursive file specification, 193
details, 221 subproduct class, 185
pre-specified selections, 47, 92, 115 syntax, 175
preinstall script, 208 vendor class, 182
details, 218 public, 252
preremove script, 208 pull distribution, security in, 166
details, 220 pull-down menus, 25
prerequisite, 23, 188 pushAgent, modifies ACLs at install time, 148
definition, 23
preserve_create_time option, 252 R
preview, 252 re-using packages, 203
293
read permission, 96 restricting installation, 166
README, 69 Resume button, 47
ready, 46, 91 resume copy/install, 47
with errors, 46, 91 retry_interval, 139
with warnings, 46, 91 retry_rpc, 138, 139, 254
realm, 162 retry_rpc_interval, 254
reboot, system, 51 return_warning_exitcode, 255
reboot_cmd, 253 reuse_short_job_numbers, 255
reconfigure, 253 revision attributes, 245
reconfigure=true/false option, 54 rollback, 50
recopy, 253 root
recovering updated files, 50 directory, 41
recovery, 142 root ACL
referenced bundle, 240 control, 156
refresh interval, Job Browser, 109 permissions, 158
register_new_depot, 253 RPC authorization, 164
register_new_root, 253 RPC timeouts, 266
registering depots, 95 rpc_binding_info, 255, 266
reinstall, 253 rpc_binding_info_alt_source, 256
reinstall option, 95, 139 rpc_binding_info_source, 256
reinstall_files, 139, 253 rpc_binding_info_target, 256
reinstall_files_use_cksum, 139, 253 rpc_timeout, 138, 256, 266
reinstalling SD, 271 run level, 17
reliability, 137 Run Level requirements, 17
remote access to Support Plus, 95, 97 run_scripts, 256
remote operations, 119
installing software, 130 S
monitoring job results, 131 samples
overview, 119 copying, 94
preferences, 129 installation, 50
software selection, 127 save session file option, -C, 47, 56, 60, 65, 75, 82, 92,
swlist, 132 96, 115, 198, 227
target selection, 125 save software group, 80
Remote Procedure Call (RPC), 161 saving view information, 29
remove_empty_depot, 254 Scalability, 138
remove_empty_depot_directory, 254 scheduling
remove_obsolete_filesets, 254 icon in Job Browser, 107
remove_setup_cmd, 254 script
removing fix, 208
dialog, 81 interpreter, 210
icon in Job Browser, 108 other, 208
jobs, 115 request, 208, 212, 221
simple, 83 sd
software, 78 invoking, 105
software from an alternate root, 84 security checks, 167
software from depots, 102 SD internal authentication, 162
software Job Browser, 114 SD-UX
repackaging software, 203 commands, 19
request script, 208, 221 manpages, 19
examples, 229 SD-UX controller, 119
keyword, 212 secrets
response file, 221 default, 163
running from swinstall or swconfig, 228 inter-host, 265
swask command, 227 matching, 265
required permissions, troubleshooting, 264 security, 163
resolver command, 265 security
response file, 221, 227 default, 145
restarting the daemon, 38, 235 denied access, 264
restricting access to depots, 151 depots, 96
294 Index
for developers, 166 adding, 88
in "push" installations, 166 adding a, 32, 43
packaging, 201 depot path, 32, 43, 88
pull distribution, 166 host name, 32, 43, 88
UNIX, 161 network, 85
security checks re-using in Job Browser, 114
configuration, 168 Source Option, 138
copying, 167 source_cdrom, 257
installing, 168 source_depot_audit, 257
Job Browser, 167 source_directory, 258
listing, 167 source_file, 258
packaging, 167 source_tape, 258
registering depots, 168 source_type, 258
removal, 168 space files, 210
verifying, 168 Specify Source Dialog, 42, 88
security tasks, 148 SRP, 248
select_local, 257 staged installation, 141
selecting software to copy, 89 staging, 141
selecting software to remove, 79 states of versions, 58
server, definition, 19 structure
session determining product, 172
file, example, 39 software, 171
files, 39 software product, 20
session file option, -S, 47, 56, 60, 66, 75, 82, 92, 96, stty, using to determine character mapping, 37, 133
115, 198, 227 subproduct, 20, 172
setuid root, 202 level, specifying (swlist), 71
shareable files, 171 specification, 185
shared secrets file, 163 superuser
shells, control script, 211 ACL access, 154
show description of software, 43, 80, 89 authorization, 165
show software for selection, 43, 89 privileges, 161
show_superseded_patches, 257 swpackage, 202
single target installation, 125 supporting files
Single-User mode, 17 install-sd, 271
software SW-DIST
dependencies, 22, 53, 58 loading new version, 271
objects, 20 reloading if corrupt, 271
selection file option, -f, 47, 56, 60, 65, 66, 75, 82, SW_CONTROL_DIRECTORY, 214
92, 96, 115, 198, 227 SW_DEFERRED_KERNBLD, 215
selection files, 36, 37 SW_INITIAL_INSTALL, 216
source option, -s, 47, 66, 92, 227 SW_KERNEL_PATH, 216
Software Certificate, 23 SW_LOCATION, 214
software compatibility, 236 SW_PATH, 215
Software Distributor SW_ROOT_DIRECTORY, 215
introduction, 17 SW_SYSTEM_FILE_PATH, 216
software group, 138 swacl, 168
adding, 80 -D option, 153
saving, 80 -F option, 153
software installation, 236 -l depot option, 148
software level, 246 -l host option, 148
software selection -l product option, 148
remote operations, 127 -l root option, 148
Software Selection Window, 43, 89 -M option, 153
software view, 257 command, 146
software view default, 257 listing user access, 148
software=, 257 options, 146
software_view, 257 overview, 17
sorting, 29 swadm group, 147
source, 257 swagent, 20, 119
295
swagentd, 20, 119 swremove
overview, 17 -d option, 82, 102
swask, 169, 227 -i option, 82
examples, 229 -r option, 82
syntax, 227 security checks, 168
swconfig syntax, 82
command, 53 swverify
security checks, 168 -d option, 102
swcopy command, 58
dependencies, 87 depot verification, 102
GUI overview, 87 overview, 17
overview, 17 security checks, 168
security checks, 167 symbolic links see symlinks
swgettools, 271 symlinks, 244
swinstall swremove, 78
disk space analysis, 210 values, swverify, 58
overview, 17 syntax
security checks, 168 install-sd, 271
swjob, 134 swask, 227
command information, 114 swcopy, 92
security checks, 167 swinstall, 47
swlist swjob, 115
-a (attribute) option, 65 swlist, 65
-d option, 65 swmodify, 75
-i option, 63, 65 swremove, 82
-i option for remote operations, 132 system
-l depot option, 100 definition, 19
-l option, 65, 70 system_file_path, 258
-R (shorthand) option, 65 system_prep_cmd, 259
-v (verbose) option, 65
command, 63 T
examples, 68 table of contents, 63
listing depot contents, 100 tag attribute, always listed, 69
listing registered depots, 100 tags, 75
overview, 17 tape
security checks, 167 changing, 47
syntax, 65 depot, 86
swlock file, 75, 275 device, 243
swmodify, 169 partitioning filesets on multiple, 206
-a option, 75 tape formats
-d option, 75 cpio, 197
-P option, 75 tar, 197
-p option, 75 tape is ready response, 205
-r option, 75 tar archive, 86
-s option, 75 tar tape format, 197
-u option, 75 target
-V option, 75 changing, 80
-v option, 75 definition, 19
overview, 17 definition for remote operations, 119
syntax, 75 directory, 242
swpackage files, 37
logfile, 200 groups, 123, 138
options, 198 re-using in Job Browser, 114
overview, 17, 195 remote, 119
security checks, 167 selection, 37
syntax, 198 selection, swmodify, 75
swreg syntax, 37
overview, 17, 95 target selection
security checks, 168 remote operations, 122, 125
296 Index
target_directory, 259 defined attributes, 181
target_tape, 259 keyword, 182
target_type, 198, 259 specification, 182
targets option, 259 verbose, 259
task specific permissions, 167 listings, samples, 74
TCP/IP lists, 72
protocol, 266 option, -v, 47, 53, 60, 82, 92, 96, 115, 198
template ACL, 159 verify
default entries, 160 analysis phase, 58
Terminal User Interface (TUI), 19, 23, 42, 79, 87 installations, 58
terminate write-to-tape command, 205 operations, samples, 61
testing script, 208, 241
configuration scripts, 225 script, details, 219, 220
installation scripts, 225 scripts, executing, 58
removal scripts, 226 verify_signature, 260
timeout, 256 Verify_signature_Only, 260
connection, 266 versions, 143
options, 138 view menu, 108
resolving problems, 266 view preferences, changing, 27
too-restrictive permissions, 201 volatile, 241
Trojan Horse, 165
troubleshooting SD, 261 W
tutorial prerequisites, 124 WAN, 138, 141
WAN connection timeouts, 266
U warning, 255
UDP communications, 266 wide area network, 141
umask value, 190 wildcard, 205
uname attributes, 52, 75 wildcarding, partial, 193
uncompress_cmd, 259 window
uncompress_files, 140, 259 GUI components, 24
unconfigure script, 208 Software Selection, 43, 89
details, 219 swremove, 81
UNCONFIGURED state, 55 writable depot, 86
unconfiguring write permission, 96
removed software, 78 write-to-tape, terminate, 205
UNIX write_remote_files, 204, 260
run level, 17
user mode, 17 X
unpostinstall script, 208 XToolkit
for autorecovery, 142 -fn option, 34
unpreinstall script, 208 -font option, 34
for autorecovery, 142
unregistered depot, 95, 165
unregistering a depot, 95
updating
creating a network depot, 99
HP-UX, 271
SD-UX, 271
use_alternate_source, 141, 259
user
access, 162
ACL, 155
ACL matching, 154
user managing products in depots, 150
using depots, 85
V
var/spool/sw, 86
vendor
297